Bug 2367496 (CVE-2025-32803)
| Summary: | CVE-2025-32803 kea: Insecure file permissions can result in confidential information leakage | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | mbenatto, mosvald, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A vulnerability was found in the Kea package, where an attacker with access to a local unprivileged user may be able to read the logs and DHCP lease information. This can be used to retrieve sensitive information about the DHCP clients and about the Kea process itself.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2369335, 2369336, 2369337 | ||
| Bug Blocks: | |||
| Deadline: | 2025-05-28 | ||
|
Description
OSIDB Bzimport
2025-05-20 15:22:01 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:9178 https://access.redhat.com/errata/RHSA-2025:9178 |