Untriaged
CVE-2023-4886
6.7 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Foreman: world readable file containing secrets
A sensitive information exposure vulnerability was found in Foreman. The contents of Tomcat's server.xml file, which contains passwords to Candlepin's keystore and truststore, were found to be world readable.
References
- RHSA-2023:7851 x_refsource_REDHAT vendor-advisory
- RHSA-2024:1061 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-4886 x_refsource_REDHAT vdb-entry
- RHBZ#2230135 issue-tracking x_refsource_REDHAT
Affected products
foreman
- ==3.8.0
- *
foreman-installer
- *
Package maintainers
- @zimbatm zimbatm <zimbatm@zimbatm.com>