Vulnerability in Redhat Cloudforms

CVE-2012-4574

Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.

EPSS: 0.001 (24.1th percentile) — read the EPSS interpretation.

Affected products

Redhat Cloudforms
N/a — versions n/a

Weakness classification (CWE)

CWE-255

References

cloudforms-pulpconf-info-disc(80548) (vdb-entry, x_refsource_XF)
88138 (x_refsource_OSVDB, vdb-entry)
51472 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_MISC)
RHSA-2012:1543 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
56819 (vdb-entry, x_refsource_BID)