GHSA-hxvp-655x-xxqv

Source

https://github.com/advisories/GHSA-hxvp-655x-xxqv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hxvp-655x-xxqv/GHSA-hxvp-655x-xxqv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hxvp-655x-xxqv

Aliases

CVE-2014-0135

Published

2022-05-17T04:44:31Z

Modified

2024-12-06T05:38:12.351755Z

Summary

Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml

Details

Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.

Database specific

{
    "nvd_published_at": "2014-05-08T14:29:00Z",
    "cwe_ids": [],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-27T00:09:10Z"
}

References

Affected packages

RubyGems / kafo

Package

Name: kafo
Purl: pkg:gem/kafo

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.17

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

0.0.9

0.0.10

0.0.11

0.0.12

0.0.13

0.0.14

0.0.15

0.0.16

0.0.17

0.1.0

0.2.0

0.2.1

0.2.2

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.3.5

0.3.6

0.3.7

0.3.8

0.3.9

0.3.10

0.3.11

0.3.12

0.3.13

0.3.14

0.3.15

0.3.16

RubyGems / kafo

Package

Name: kafo
Purl: pkg:gem/kafo

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.4.0

Fixed

0.5.2

Affected versions

0.*

0.4.0

0.5.0

0.5.1