CyberSec.Space Logo
Back to CVE Browser

CVE-2019-3891

HIGH
7.8
CVSS Severity Score
EPSS Score0.0020%
EPSS Percentile26.14th
PublishedApr 15, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.

Affected Platforms (CPE)

πŸ“¦
Redhat

Satellite

= 6.4

References & Advisories

πŸ”— https://access.redhat.com/errata/RHSA-2019:1222
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3891
πŸ”— https://access.redhat.com/errata/RHSA-2019:1222
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3891

Related Vulnerabilities

CVE-2013-603410.0

The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmars...

CVE-2013-603510.0

The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmars...

CVE-2021-3540210.0

PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters ...

CVE-2014-294010.0

Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF and 2.11 VHF have hardcoded credentials for the administrat...