VYPR

Crowbar

by SUSE S.A.

CVEs (2)

  • CVE-2012-0433LowJun 8, 2018
    risk 0.21cvss 3.3epss 0.00

    The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data.

  • CVE-2012-3537Sep 5, 2012
    risk 0.00cvss epss 0.01

    The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names.