{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-12-04T00:00:00", "descriptions": [{"lang": "en", "value": "Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "88141", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/88141"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=828447"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=882138"}, {"name": "51472", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51472"}, {"name": "cloudforms-grinder-insecure-permissions(80550)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80550"}, {"name": "RHSA-2012:1543", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1543.html"}, {"name": "56819", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/56819"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:14:16.072Z"}, "title": "CVE Program Container", "references": [{"name": "88141", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/88141"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=828447"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=882138"}, {"name": "51472", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51472"}, {"name": "cloudforms-grinder-insecure-permissions(80550)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80550"}, {"name": "RHSA-2012:1543", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1543.html"}, {"name": "56819", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/56819"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5605", "datePublished": "2013-01-04T22:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:14:16.072Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms:*:*:*:*:*:*:*:*", "matchCriteriaId": "72189D15-3318-45CD-B37E-FD53E4422052", "versionEndIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files."}, {"lang": "es", "value": "Grinder en Red Hat CloudForms anteriores a v1.1 usa permisos \"world-writable\" para /var/lib/pulp/cache/grinder/, lo que permite a usuarios locales modificar la cach\u00e9 de los ficheros grinder."}], "id": "CVE-2012-5605", "lastModified": "2017-08-29T01:32:43.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-01-04T22:55:02.430", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/88141"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1543.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/51472"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/56819"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=828447"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=882138"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80550"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by James Labocki (Red Hat).", "affected_release": [{"advisory": "RHSA-2012:1543", "cpe": "cpe:/a:cloudforms_tools:1::el6", "package": "candlepin-0:0.7.8.1-1.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1543", "cpe": "cpe:/a:cloudforms_tools:1::el6", "package": "gofer-0:0.66.1-2.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1543", "cpe": "cpe:/a:cloudforms_tools:1::el6", "package": "grinder-0:0.0.150-1.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1543", "cpe": "cpe:/a:cloudforms_tools:1::el6", "package": "katello-0:1.1.12-22.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1543", "cpe": "cpe:/a:cloudforms_tools:1::el6", "package": "katello-agent-0:1.1.2-1.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1543", "cpe": "cpe:/a:cloudforms_tools:1::el6", "package": "katello-certs-tools-0:1.1.8-1.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1543", "cpe": "cpe:/a:cloudforms_tools:1::el6", "package": "katello-cli-0:1.1.8-12.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1543", "cpe": "cpe:/a:cloudforms_tools:1::el6", "package": "katello-cli-tests-0:1.1.5-2.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1543", "cpe": "cpe:/a:cloudforms_tools:1::el6", "package": "katello-configure-0:1.1.9-12.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1543", "cpe": "cpe:/a:cloudforms_tools:1::el6", "package": "katello-selinux-0:1.1.1-2.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1543", "cpe": "cpe:/a:cloudforms_tools:1::el6", "package": "pulp-0:1.1.14-1.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1543", "cpe": "cpe:/a:cloudforms_tools:1::el6", "package": "quartz-0:2.1.5-4.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1543", "cpe": "cpe:/a:cloudforms_tools:1::el6", "package": "rubygem-apipie-rails-0:0.0.11-3.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1543", "cpe": "cpe:/a:cloudforms_tools:1::el5", "package": "gofer-0:0.66.1-2.el5", "product_name": "CloudForms Tools for RHEL 5", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1543", "cpe": "cpe:/a:cloudforms_tools:1::el5", "package": "katello-agent-0:1.1.2-1.el5", "product_name": "CloudForms Tools for RHEL 5", "release_date": "2012-12-04T00:00:00Z"}], "bugzilla": {"description": "grinder: /var/lib/pulp/cache/grinder directory is world-writeable", "id": "882138", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=882138"}, "csaw": false, "cvss": {"cvss_base_score": "4.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files."], "name": "CVE-2012-5605", "package_state": [{"cpe": "cpe:/a:redhat:rhui:2", "fix_state": "Will not fix", "package_name": "grinder", "product_name": "RHUI for RHEL 6"}], "public_date": "2012-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-5605\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-5605"], "statement": "Red Hat Update Infrastructure 2.1.3 is now in Production 2 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Update Infrastructure Life Cycle: https://access.redhat.com/support/policy/updates/rhui.", "threat_severity": "Moderate"}