{"containers": {"cna": {"affected": [{"product": "vdsm", "vendor": "vdsm", "versions": [{"status": "affected", "version": "through 2012-11-10"}]}], "descriptions": [{"lang": "en", "value": "vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate)"}], "problemTypes": [{"descriptions": [{"description": "certificate generation upon node creation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-25T13:06:50", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5518"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2012-5518"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2012/11/11/3"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:05:47.263Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5518"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2012-5518"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/11/11/3"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5518", "datePublished": "2019-11-25T13:06:50", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.263Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ovirt:vdsm:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D6ED609-BF0B-44E5-BB8B-53C33A52CFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate)"}, {"lang": "es", "value": "vdsm: la generaci\u00f3n de certificados tras creaci\u00f3n del nodo, permitiendo que vdsm inicie y sirva peticiones de cualquier persona que tenga una clave coincidente (y un certificado)."}], "id": "CVE-2012-5518", "lastModified": "2024-11-21T01:44:48.597", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-25T14:15:11.097", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/11/11/3"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2012-5518"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5518"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/11/11/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2012-5518"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5518"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Dan Kenigsberg (Red Hat).", "bugzilla": {"description": "vdsm: certificate generation upon node creation", "id": "875367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=875367"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:C/I:C/A:C", "status": "draft"}, "details": ["vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate)"], "name": "CVE-2012-5518", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "vdsm22", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "vdsm", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-5518\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-5518"], "statement": "Not vulnerable.\nThis issue did not affect the versions of vdsm22 package as shipped with Red Hat Enterprise Linux 5. This issue did not affect the versions of vdsm package as shipped with Red Hat Enterprise Linux 6. This issue did not affect the hypervisor disk images as shipped with Red Hat Enterprise Virtualization Hypervisor 5 and 6.", "threat_severity": "Important"}