It was discovered that a world-readable log file...
High severity
Unreviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Apr 15, 2019
Published to the GitHub Advisory Database
May 13, 2022
Last updated
Feb 1, 2023
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.
References