Vulnerability Description
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Theforeman | Foreman | < 3.8.0 |
| Redhat | Satellite | 6.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2023:7851
- https://access.redhat.com/errata/RHSA-2024:1061
- https://access.redhat.com/security/cve/CVE-2023-4886Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2230135Issue TrackingVendor Advisory
- https://access.redhat.com/errata/RHSA-2023:7851
- https://access.redhat.com/errata/RHSA-2024:1061
- https://access.redhat.com/security/cve/CVE-2023-4886Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2230135Issue TrackingVendor Advisory
FAQ
What is CVE-2023-4886?
CVE-2023-4886 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readab...
How severe is CVE-2023-4886?
CVE-2023-4886 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4886?
Check the references section above for vendor advisories and patch information. Affected products include: Theforeman Foreman, Redhat Satellite.