Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0135

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2014-0135
Last Modified 09 May 2014 12:12:24
Published 08 May 2014 10:29:13
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-0135

Summary

Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.

Vulnerable Systems

Application

  • Theforeman Kafo 0.0.1

  • Theforeman Kafo 0.0.10

  • Theforeman Kafo 0.0.11

  • Theforeman Kafo 0.0.12

  • Theforeman Kafo 0.0.13

  • Theforeman Kafo 0.0.14

  • Theforeman Kafo 0.0.15

  • Theforeman Kafo 0.0.16

  • Theforeman Kafo 0.0.17

  • Theforeman Kafo 0.0.2

  • Theforeman Kafo 0.0.3

  • Theforeman Kafo 0.0.4

  • Theforeman Kafo 0.0.5

  • Theforeman Kafo 0.0.6

  • Theforeman Kafo 0.0.7

  • Theforeman Kafo 0.0.8

  • Theforeman Kafo 0.0.9

  • Theforeman Kafo 0.1.0

  • Theforeman Kafo 0.2.0

  • Theforeman Kafo 0.2.1

  • Theforeman Kafo 0.2.2

  • Theforeman Kafo 0.3.0

  • Theforeman Kafo 0.3.1

  • Theforeman Kafo 0.3.10

  • Theforeman Kafo 0.3.11

  • Theforeman Kafo 0.3.12

  • Theforeman Kafo 0.3.13

  • Theforeman Kafo 0.3.14

  • Theforeman Kafo 0.3.15

  • Theforeman Kafo 0.3.16

  • Theforeman Kafo 0.3.2

  • Theforeman Kafo 0.3.3

  • Theforeman Kafo 0.3.4

  • Theforeman Kafo 0.3.5

  • Theforeman Kafo 0.3.6

  • Theforeman Kafo 0.3.7

  • Theforeman Kafo 0.3.8

  • Theforeman Kafo 0.3.9

  • Theforeman Kafo 0.4.0

  • Theforeman Kafo 0.5.0

  • Theforeman Kafo 0.5.1


References

CONFIRM - http://theforeman.org/security.html


Last Updated: 27 May 2016 11:05:13