Foreman: world readable file containing secrets
CVE-2023-4886

6.7MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Satellite 6.13 For Rhel 8; Red Hat Satellite 6.14 For Rhel 8
Vendor: CVE Published:; 3 October 2023

Summary

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.

Affected Version(s)

Red Hat Satellite 6.13 for RHEL 8 0:3.5.1.24-1.el8sat

Red Hat Satellite 6.14 for RHEL 8 0:3.7.0.10-1.el8sat

References

https://access.redhat.com/errata/RHSA-2023:7851

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:1061

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2023-4886

vdb-entryx_refsource_REDHAT

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2023
Vulnerability Reserved
Sep 11, 2023

Collectors

NVD DatabaseMitre Database