CVE-2022-3287

Published: 28/09/2022 Updated: 07/11/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.

Vulnerable Product

fwupd fwupd

Vendor Advisories

Synopsis: Moderate: fwupd security and bug fix update
Type/Severity: Security Advisory: Moderate
Topic: An update for fwupd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as hav ...

Synopsis: Moderate: fwupd security update
Type/Severity: Security Advisory: Moderate
Topic: An update for fwupd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a securi ...

Description: A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. A flaw was found in fwupd. When creating an OPERATOR user acco ...