CVE-2014-0135 in Kafoinfo

Summary

Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

12/03/2013

Disclosure

05/08/2014

Moderation

VulDB entry created

Entries

1: VDB-69622

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

4.0

EPSS

0.00099

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-0135
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-0135
CVE Details	https://www.cvedetails.com/cve/CVE-2014-0135/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!