CVE-2023-4886

Summary

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Satellite 6.13 for RHEL 80:3.5.1.24-1.el8sat < *unaffected
Red HatRed Hat Satellite 6.14 for RHEL 80:3.7.0.10-1.el8sat < *unaffected
Red HatRed Hat Satellite 6.14 for RHEL 81:3.7.0.5-1.el8sat < *unaffected

Weaknesses

  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References