CVE-2024-22037

MEDIUM Year: 2024
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-497
View all →

Vulnerability Description

The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users.

Related Vulnerabilities

CVE-2021-1235

MEDIUM
CVSS:5.5(Medium)

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficien...

CWE-4972021

CVE-2021-1544

MEDIUM
CVSS:5.5(Medium)

A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe ...

CWE-4972021

CVE-2021-23135

MEDIUM
CVSS:5.5(Medium)

Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD...

CWE-4972021

CVE-2022-28651

MEDIUM
CVSS:5.5(Medium)

In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields

CWE-4972022

CVE-2022-34458

MEDIUM
CVSS:5.5(Medium)

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation ...

CWE-4972022