CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-3891

HIGH
7.8
CVSS Severity Score
EPSS Score0.0020%
EPSS Percentile26.14th
Published2019年4月15日
Last Modified2024年11月21日

Vulnerability Description

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.

Affected Platforms (CPE)

📦
Redhat

Satellite

= 6.4

References & Advisories

🔗 https://access.redhat.com/errata/RHSA-2019:1222
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3891
🔗 https://access.redhat.com/errata/RHSA-2019:1222
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3891

相关漏洞威胁

CVE-2013-603410.0

The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmars...

CVE-2013-603510.0

The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmars...

CVE-2021-3540210.0

PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters ...

CVE-2014-294010.0

Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF and 2.11 VHF have hardcoded credentials for the administrat...