ALT-PU-2022-6364-1
Package fwupd updated to version 1.8.5-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Published: 2022-09-28
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References: