Database Credential Exposure in Red Hat Satellite by Candlepin Component
CVE-2019-3891
5.5MEDIUM
Summary
A vulnerability has been identified in the Candlepin component of Red Hat Satellite 6.4 where a world-readable log file exposes sensitive database credentials. This situation can be exploited by a malicious user with local access to the Satellite host, allowing them to modify the database and disrupt the ability to fetch package updates. Consequently, this impacts the update access for all Satellite-managed hosts.
Affected Version(s)
candlepin affects Satellite 6.4
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved