CVE-2015-0257

Status: Modified

Last modified: 12-02-2023

Published: 01-05-2015

2.1

SUMMARY CVE-2015-0257

Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

Access CVSS CVE-2015-0257

Attack Complexity	Attack Vector	Privileges Required	Scope	User Interaction
LOW	LOCAL	NONE	-	-

Impact CVSS CVE-2015-0257

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

Details CVE-2015-0257

EPSS	0.00042
EPSS %	0.05057
References	http://rhn.redhat.com/errata/RHSA-2015-0888.html http://www.securitytracker.com/id/1032231
CWE	CWE-264
Vulnerable Configurations	cpe:2.3:a:redhat:enterprise_virtualization_manager:2.1:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:2.1:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2.3:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2.3:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:3.0:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:3.0:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:3.1:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:3.1:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:3.2:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:3.2:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:3.4:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:3.4:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:3.4.1:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:3.4.1:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:3.5.0:::::::* cpe:2.3:a:redhat:enterprise_virtualization_manager:3.5.0:::::::*