CVE-2019-13313

Published: Jul 5, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.

Affected (14)

Products: Libosinfo: Libosinfo · Fedoraproject: Fedora · Redhat: Enterprise Linux, Enterprise Linux Eus, Enterprise Linux Server Aus, Enterprise Linux Server Tus

1 product

1 product

4 products

Enterprise Linux

Enterprise Linux Eus

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libosinfo Libosinfo	Version 1.5.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30

Configuration C

11 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux Eus	Version 8.1
Redhat Enterprise Linux Eus	Version 8.2
Redhat Enterprise Linux Eus	Version 8.4
Redhat Enterprise Linux Eus	Version 8.6
Redhat Enterprise Linux Server Aus	Version 8.2
Redhat Enterprise Linux Server Aus	Version 8.4
Redhat Enterprise Linux Server Aus	Version 8.6
Redhat Enterprise Linux Server Tus	Version 8.2
Redhat Enterprise Linux Server Tus	Version 8.4
Redhat Enterprise Linux Server Tus	Version 8.6

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (20)

http://www.openwall.com/lists/oss-security/2019/07/08/3

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2019:3387

Source: cve@mitre.org

Third Party Advisory

https://gitlab.com/libosinfo/libosinfo/-/tags

Source: cve@mitre.org

Release NotesThird Party Advisory

https://gitlab.com/libosinfo/libosinfo/blob/master/NEWS

Source: cve@mitre.org

Release NotesThird Party Advisory

https://libosinfo.org/download/

Source: cve@mitre.org

Release NotesVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AZU4IPPIR73NYC6E733QR26O5ZI6MMKJ/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEZUZKC6YK4E3NXM7XKZOXY5X5PJSPIR/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4AD73NGYBV7GYT4LFC3TC7AYBWOJTG4/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT44EYZZQFTK7XM6GKCYC4WUE7HYZVXM/

Source: cve@mitre.org

https://www.redhat.com/archives/libosinfo/2019-July/msg00026.html

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/07/08/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2019:3387

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://gitlab.com/libosinfo/libosinfo/-/tags

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://gitlab.com/libosinfo/libosinfo/blob/master/NEWS

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://libosinfo.org/download/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AZU4IPPIR73NYC6E733QR26O5ZI6MMKJ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEZUZKC6YK4E3NXM7XKZOXY5X5PJSPIR/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4AD73NGYBV7GYT4LFC3TC7AYBWOJTG4/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT44EYZZQFTK7XM6GKCYC4WUE7HYZVXM/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/libosinfo/2019-July/msg00026.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

Timeline

No history available yet.