MidnightBSD

Advisories for libosinfo

CVE-2019-13313 LOW

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 8.1
fedoraproject fedora 29
redhat enterprise_linux_server_aus 8.6
fedoraproject fedora 30
libosinfo libosinfo 1.5.0
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux 8.0
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_eus 8.2