CVE-2016-6349

Published: Mar 29, 2017Modified: May 13, 2026

3.3

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.

Affected (1)

Products: Projectatomic: Oci Register Machine

Projectatomic

1 product

Oci Register Machine

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Projectatomic Oci Register Machine	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://www.openwall.com/lists/oss-security/2016/07/26/9

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2016/10/13/7

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/92143

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1360634

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/projectatomic/oci-register-machine/pull/22

Source: cve@mitre.org

Patch

http://www.openwall.com/lists/oss-security/2016/07/26/9