Back to bug 1381681
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Siddharth Sharma | 2016-10-04 17:54:21 UTC | CC | security-response-team | |
| Siddharth Sharma | 2016-10-04 18:58:58 UTC | Blocks | 1381676 | |
| Siddharth Sharma | 2016-10-07 08:52:05 UTC | Depends On | 1382623 | |
| Siddharth Sharma | 2016-10-10 08:20:28 UTC | Whiteboard | impact=moderate,public=no,reported=20160919,source=redhat,cvss2=4.3/AV:L/AC:L/Au:S/C:P/I:P/A:P,cvss3=4.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L,cwe=CWE-214,rhscon-2/rhscon-core=affected | impact=moderate,public=20160614,reported=20160919,source=redhat,cvss2=4.3/AV:L/AC:L/Au:S/C:P/I:P/A:P,cvss3=4.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L,cwe=CWE-214,rhscon-2/rhscon-core=affected |
| Siddharth Sharma | 2016-10-10 08:20:32 UTC | Summary | EMBARGOED CVE-2016-7062 rhscon-core: password leak by command line parameter | CVE-2016-7062 rhscon-core: password leak by command line parameter |
| Siddharth Sharma | 2016-10-10 08:20:36 UTC | Group | security, qe_staff | |
| Siddharth Sharma | 2016-10-18 12:41:23 UTC | Summary | CVE-2016-7062 rhscon-core: password leak by command line parameter | CVE-2016-7062 rhscon-ceph: password leak by command line parameter |
| Siddharth Sharma | 2016-10-18 12:42:03 UTC | Whiteboard | impact=moderate,public=20160614,reported=20160919,source=redhat,cvss2=4.3/AV:L/AC:L/Au:S/C:P/I:P/A:P,cvss3=4.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L,cwe=CWE-214,rhscon-2/rhscon-core=affected | impact=moderate,public=20160614,reported=20160919,source=redhat,cvss2=4.3/AV:L/AC:L/Au:S/C:P/I:P/A:P,cvss3=4.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L,cwe=CWE-214,rhscon-2/rhscon-ceph=affected |
| Eric Christensen | 2016-10-18 13:48:19 UTC | Doc Text | It was found that passwords would get leaked in the command line output of rhscon-ceph while sending command line parameters from rhscon-core. | |
| Eric Christensen | 2016-10-18 14:13:42 UTC | Doc Text | It was found that passwords would get leaked in the command line output of rhscon-ceph while sending command line parameters from rhscon-core. | A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password. |
| Siddharth Sharma | 2016-10-19 15:37:12 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-10-19 11:37:12 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:57:57 UTC | Whiteboard | impact=moderate,public=20160614,reported=20160919,source=redhat,cvss2=4.3/AV:L/AC:L/Au:S/C:P/I:P/A:P,cvss3=4.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L,cwe=CWE-214,rhscon-2/rhscon-ceph=affected |
Back to bug 1381681