Database Credential Exposure in Red Hat Satellite by Candlepin Component
CVE-2019-3891

5.5MEDIUM

Key Information:

Vendor
Red Hat
Status
Candlepin
Vendor
CVE Published:
15 April 2019

Summary

A vulnerability has been identified in the Candlepin component of Red Hat Satellite 6.4 where a world-readable log file exposes sensitive database credentials. This situation can be exploited by a malicious user with local access to the Satellite host, allowing them to modify the database and disrupt the ability to fetch package updates. Consequently, this impacts the update access for all Satellite-managed hosts.

Affected Version(s)

candlepin affects Satellite 6.4

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3891
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:1222
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.