CVE-2023-4886 - Vulnerability Details

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Satellite Satellite Capsule Satellite Maintenance Satellite Utils
Theforeman	Foreman

Configuration 1 [-]

cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Satellite 6.13 for RHEL 8
foreman-0:3.5.1.24-1.el8sat	cpe:/a:redhat:satellite:6.13::el8	RHSA-2024:1061	2024-02-29T00:00:00Z
foreman-0:3.5.1.24-1.el8sat	cpe:/a:redhat:satellite_capsule:6.13::el8	RHSA-2024:1061	2024-02-29T00:00:00Z
foreman-0:3.5.1.24-1.el8sat	cpe:/a:redhat:satellite_utils:6.13::el8	RHSA-2024:1061	2024-02-29T00:00:00Z
Red Hat Satellite 6.14 for RHEL 8
foreman-0:3.7.0.10-1.el8sat	cpe:/a:redhat:satellite:6.14::el8	RHSA-2023:7851	2023-12-14T00:00:00Z
foreman-installer-1:3.7.0.5-1.el8sat	cpe:/a:redhat:satellite:6.14::el8	RHSA-2023:7851	2023-12-14T00:00:00Z
foreman-0:3.7.0.10-1.el8sat	cpe:/a:redhat:satellite_capsule:6.14::el8	RHSA-2023:7851	2023-12-14T00:00:00Z
foreman-installer-1:3.7.0.5-1.el8sat	cpe:/a:redhat:satellite_capsule:6.14::el8	RHSA-2023:7851	2023-12-14T00:00:00Z
foreman-0:3.7.0.10-1.el8sat	cpe:/a:redhat:satellite_utils:6.14::el8	RHSA-2023:7851	2023-12-14T00:00:00Z
foreman-installer-1:3.7.0.5-1.el8sat	cpe:/a:redhat:satellite_utils:6.14::el8	RHSA-2023:7851	2023-12-14T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:7851
https://access.redhat.com/errata/RHSA-2024:1061
https://access.redhat.com/security/cve/CVE-2023-4886
https://bugzilla.redhat.com/show_bug.cgi?id=2230135
https://nvd.nist.gov/vuln/detail/CVE-2023-4886
https://www.cve.org/CVERecord?id=CVE-2023-4886

History

Tue, 03 Dec 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-10-03T14:24:56.342Z

Updated: 2025-04-09T21:12:34.570Z

Reserved: 2023-09-11T09:51:13.928Z

Link: CVE-2023-4886

Vulnrichment

Updated: 2024-08-02T07:38:00.875Z

NVD

Status : Modified

Published: 2023-10-03T15:15:40.737

Modified: 2024-11-21T08:36:11.347

Link: CVE-2023-4886

Redhat

Severity : Moderate

Publid Date: 2023-10-03T14:00:00Z

Links: CVE-2023-4886 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object