VYPR
Unrated severityNVD Advisory· Published Apr 12, 2019· Updated Aug 4, 2024

CVE-2019-3891

CVE-2019-3891

Description

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: 6.4
  • Red Hat/candlepinv5
    Range: affects Satellite 6.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.