CVE-2023-4886

medium

Description

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.

References

Advisories
More

https://access.redhat.com/errata/RHSA-2024:1061

https://access.redhat.com/errata/RHSA-2023:7851

https://bugzilla.redhat.com/show_bug.cgi?id=2230135

https://access.redhat.com/security/cve/CVE-2023-4886

Details

Source: Mitre, NVD

Published: 2023-10-03

Updated: 2024-03-01

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:L/AC:L/Au:M/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.4

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N