Bug #30490
CVE-2020-14334 - unauthorized cache read on RPM-based installations through local user
Difficulty:
Triaged:
Yes
Bugzilla link:
Description
Cache permissions allow unauthorized read
Associated revisions
History
#2
Updated by Tomer Brisker over 2 years ago
- Bugzilla link set to 1858308
#3
Updated by Tomer Brisker over 2 years ago
- Subject changed from CVE-2020-14334 to CVE-2020-14334 - unauthorized cache read on RPM-based installations through local user
#4
Updated by Ewoud Kohl van Wijngaarden over 2 years ago
This looks good. Perhaps it's Redmine formatting, but it looks like the whitespace might be a bit odd.
#6
Updated by The Foreman Bot over 2 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman-packaging/pull/5596 added
#7
Updated by The Foreman Bot over 2 years ago
- Fixed in Releases 2.2.0 added
#8
Updated by Ondřej Ezr over 2 years ago
Security page entry PR: https://github.com/theforeman/theforeman.org/pull/1654
#9
Updated by The Foreman Bot over 2 years ago
- Pull request https://github.com/theforeman/foreman-packaging/pull/5597 added
#10
Updated by The Foreman Bot over 2 years ago
- Pull request https://github.com/theforeman/foreman-packaging/pull/5598 added
#11
Updated by Ondřej Ezr over 2 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman-packaging|5283f1374294c5a62bb7f51140a6e2aaf10631b2.
#12
Updated by Ondřej Ezr over 2 years ago
- Fixed in Releases 2.0.2, 2.1.1 added
Fixes #30490 - CVE-2020-14334 world readable cache