Foreman: world readable file containing secrets
CVE-2023-4886

6.7MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Satellite 6.13 For Rhel 8; Red Hat Satellite 6.14 For Rhel 8
Vendor: CVE Published:; 3 October 2023

What is CVE-2023-4886?

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.

Affected Version(s)

Red Hat Satellite 6.13 for RHEL 8 0:3.5.1.24-1.el8sat

References

https://access.redhat.com/errata/RHSA-2023:7851

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:1061

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2023-4886

vdb-entryx_refsource_REDHAT

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2023
Vulnerability Reserved
Sep 11, 2023