Unrated severity · NVD Advisory · Published Oct 3, 2023 · Updated Feb 25, 2026
Foreman: world readable file containing secrets
CVE-2023-4886
Description
A sensitive information exposure vulnerability was found in Foreman. The contents of Tomcat's server.xml file, which contains the passwords to Candlepin's keystore and truststore, were found to be world-readable.
Affected products (3)
- Red Hat/Red Hat Satellite 6.13 for RHEL 8 · v5 · cpe:/a:redhat:satellite_utils:6.13::el8 · Range: 0:3.5.1.24-1.el8sat
- Red Hat/Red Hat Satellite 6.14 for RHEL 8 · v5 · cpe:/a:redhat:satellite_utils:6.14::el8 · Range: 1:3.7.0.5-1.el8sat
- Package: https://rubygems.org/gems/foreman
References (4)
- access.redhat.com/errata/RHSA-2023:7851 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:1061 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2023-4886 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)