Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Aeolus Configuration Server 信息泄露漏洞
Vulnerability Description
Aeolus是一组单独的,统一的工具集,用来创建和管理云平台之间的虚拟机组。 Red Hat CloudForms Cloud Engine 1.1.2之前版本使用的Aeolus Configuration Server中存在漏洞,该漏洞源于/var/log/aeolus-configserver/configserver.log使用全局可读权限。通过读取日志文件,本地攻击者利用该漏洞读取明文密码。
CVSS Information
N/A
Vulnerability Type
N/A