aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine prior to 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat cloudforms cloud engine |
||
redhat cloudforms cloud engine 1.0 |