Unrated severityNVD Advisory· Published Apr 12, 2019· Updated Aug 4, 2024
CVE-2019-3891
CVE-2019-3891
Description
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Red Hat/candlepinv5Range: affects Satellite 6.4
Patches
Vulnerability mechanics
References
2- access.redhat.com/errata/RHSA-2019:1222mitrevendor-advisoryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.