Project

General

Custom queries

Profile

Actions
Copy link

Bug #30490

closed

CVE-2020-14334 - unauthorized cache read on RPM-based installations through local user

Added by Ondřej Ezr almost 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ondřej Ezr
Category:
RPMs
Target version:
Foreman - 2.1.1
Difficulty:
Triaged:
Yes
Bugzilla link:
1858308
Pull request:
https://github.com/theforeman/foreman-packaging/pull/5596, https://github.com/theforeman/foreman-packaging/pull/5597, https://github.com/theforeman/foreman-packaging/pull/5598
Fixed in Releases:
Foreman - 2.0.2, Foreman - 2.1.1, Foreman - 2.2.0
Found in Releases:
Red Hat JIRA:

Description

Cache permissions allow unauthorized read

Files

0001-BZ-1858308-CVE-2020-14334-too-permissive-mode-for-ca.patch 0001-BZ-1858308-CVE-2020-14334-too-permissive-mode-for-ca.patch 1.12 KB Fix-too permissive mode on cache dir Ondřej Ezr, 07/24/2020 11:12 PM
Actions
Copy link
 #4

Updated by Ewoud Kohl van Wijngaarden almost 5 years ago

This looks good. Perhaps it's Redmine formatting, but it looks like the whitespace might be a bit odd.

Actions
Copy link
 #5

Updated by Ondřej Ezr almost 5 years ago

  • Private changed from Yes to No

Embargo is lifted.

Actions
Copy link
 #11

Updated by Ondřej Ezr almost 5 years ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link

Also available in: Atom PDF