ALT-PU-2019-2536-1
Closed vulnerabilities
Published: 2019-07-05
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-13313
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- [oss-security] 20190708 CVE-2019-13313, CVE-2019-13314: password disclosure via command line arguments
- [oss-security] 20190708 CVE-2019-13313, CVE-2019-13314: password disclosure via command line arguments
- RHSA-2019:3387
- RHSA-2019:3387
- https://gitlab.com/libosinfo/libosinfo/-/tags
- https://gitlab.com/libosinfo/libosinfo/-/tags
- https://gitlab.com/libosinfo/libosinfo/blob/master/NEWS
- https://gitlab.com/libosinfo/libosinfo/blob/master/NEWS
- https://libosinfo.org/download/
- https://libosinfo.org/download/
- FEDORA-2019-4b8990e4d6
- FEDORA-2019-4b8990e4d6
- FEDORA-2019-c9fbe3db9c
- FEDORA-2019-c9fbe3db9c
- FEDORA-2019-e23aeac13e
- FEDORA-2019-e23aeac13e
- FEDORA-2019-d2cde4761e
- FEDORA-2019-d2cde4761e
- https://www.redhat.com/archives/libosinfo/2019-July/msg00026.html
- https://www.redhat.com/archives/libosinfo/2019-July/msg00026.html