{"containers": {"cna": {"affected": [{"product": "Azure", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "multiple"}]}], "datePublic": "2019-03-12T00:00:00", "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-01T00:06:05", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804"}, {"name": "RHSA-2019:1527", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1527"}, {"name": "openSUSE-SU-2020:0261", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-0804", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Azure", "version": {"version_data": [{"version_value": "multiple"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804"}, {"name": "RHSA-2019:1527", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1527"}, {"name": "openSUSE-SU-2020:0261", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:58:59.566Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804"}, {"name": "RHSA-2019:1527", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1527"}, {"name": "openSUSE-SU-2020:0261", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-0804", "datePublished": "2019-04-09T02:32:46", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:58:59.566Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:walinuxagent:*:*:*:*:*:*:*:*", "matchCriteriaId": "685B4D91-B775-4004-8A40-4239687F7B88", "versionEndExcluding": "2.2.38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la manera en que Azure WaLinuxAgent crea archivos de intercambio en discos de recursos, tambi\u00e9n se conoce como \"Azure Linux Agent Information Disclosure Vulnerability\"."}], "id": "CVE-2019-0804", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-09T03:29:00.843", "references": [{"source": "secure@microsoft.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html"}, {"source": "secure@microsoft.com", "url": "https://access.redhat.com/errata/RHSA-2019:1527"}, {"source": "secure@microsoft.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Francis McBratney (Destinatech Limited) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2019:1527", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "WALinuxAgent-0:2.2.32-1.el8_0.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-06-18T00:00:00Z"}], "bugzilla": {"description": "WALinuxAgent: swapfile created with weak permissions", "id": "1684181", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1684181"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.0", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-732", "details": ["An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'."], "name": "CVE-2019-0804", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "WALinuxAgent", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "WALinuxAgent", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2019-03-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-0804\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0804\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804"], "threat_severity": "Moderate"}