CVE-2022-3287

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3287

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3287.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-3287

Related

Published

2022-09-28T20:15:18Z

Modified

2024-09-18T03:20:56.928225Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.

References

Affected packages

Debian:11 / fwupd

Package

Name: fwupd
Purl: pkg:deb/debian/fwupd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.7-4

1.5.7-5

1.7.1-1

1.7.3-1

1.7.4-1

1.7.4-2

1.7.5-1

1.7.5-2

1.7.5-3

1.7.6-1

1.7.7-1

1.8.1-1

1.8.1-2

1.8.2-1

1.8.3-1

1.8.4-1

1.8.4-2

1.8.5-1

1.8.6-1

1.8.6-2

1.8.8-1

1.8.8-2

1.8.8-3

1.8.9-1

1.8.9-2

1.8.9-3

1.8.10-1

1.8.10-2

1.8.11-1

1.8.12-1

1.8.12-2

1.9.1-1

1.9.3-1

1.9.4-1

1.9.4-2

1.9.5-1

1.9.6-1

1.9.7-1

1.9.8-1

1.9.9-1

1.9.9-2

1.9.10-1

1.9.11-1

1.9.12-1

1.9.12-2

1.9.12-3

1.9.12-4

1.9.13-1

1.9.14-1

1.9.14-2

1.9.15-1

1.9.15-2

1.9.16-1

1.9.19-1

1.9.20-1

1.9.21-1

1.9.24-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / fwupd

Package

Name: fwupd
Purl: pkg:deb/debian/fwupd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / fwupd

Package

Name: fwupd
Purl: pkg:deb/debian/fwupd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/fwupd/fwupd

Affected ranges

Type: GIT
Repo: https://github.com/fwupd/fwupd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ea676855f2119e36d433fbd2ed604039f53b2091

Affected versions

0.*

0.1.0

0.1.1

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6

0.5.0

0.5.1

0.5.2

0.5.3

0.6.0

0.6.1

0.6.2

0.6.3

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.7.5

0.8.0

0.8.1

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.1.0

1.1.1

1.1.2

1.2.0

1.2.1

1.2.10

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.4.0

1.4.1

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.6.0

1.6.1

1.6.2

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

Other

fwupd_0_1_0

fwupd_0_1_1

fwupd_0_1_2