Published: 15/04/2019 Updated: 15/10/2020

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

It exists that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat satellite 6.4

Synopsis Moderate: Satellite 65 Release Type/Severity Security Advisory: Moderate Topic Red Hat Satellite 65 for RHEL 7 is now available containing security fixes, bug fixes, and enhancementsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Sco ...

Impact: Moderate Public Date: 2019-04-10 CWE: CWE-532 Bugzilla: 1693867: CVE-2019-3891 candlepin: crede ...

CWE-532 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3891 https://access.redhat.com/errata/RHSA-2019:1222 https://access.redhat.com/errata/RHSA-2019:1222 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2019-3891

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-3891

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect