Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2022-4250 | Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file. |
![]() |
GHSA-hxvp-655x-xxqv | Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T09:05:38.996Z
Reserved: 2013-12-03T00:00:00
Link: CVE-2014-0135

No data.

Status : Deferred
Published: 2014-05-08T14:29:13.283
Modified: 2025-04-12T10:46:40.837
Link: CVE-2014-0135


No data.