CVE-2019-3891

Summary

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.

Affected Software

VendorProductVersion RangeStatus
Red Hatcandlepinaffects Satellite 6.4affected

Weaknesses

  • CWE-532: CWE-532

ADP Enrichment

CVE Program Container

Additional References

References