Sensitive Information Exposure Vulnerability in Foreman: World Readable Server.xml File Exposes Candlepin Passwords

CVE-2023-4886 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

A sensitive information exposure vulnerability was found in Foreman. The contents of Tomcat's server.xml file, which contain the passwords to Candlepin's keystore and truststore, were found to be world readable.
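
One way to audit a host for the condition described above, as an added example that is not part of the advisory or of the Foreman project. The file path is supplied by the operator (none is assumed here), and the attribute names checked are the standard Tomcat keystore and truststore password attributes.

```shell
#!/bin/sh
# Added example: audit a Tomcat server.xml for the exposure described above.
# The path is passed in by the caller; no Foreman-specific path is assumed.

# Succeeds if the file has the "other" read bit set (world readable).
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Succeeds if the file carries Tomcat keystore/truststore password attributes.
# keystorePass/truststorePass are Connector attributes;
# certificateKeystorePassword/truststorePassword are the SSLHostConfig forms.
has_store_passwords() {
    grep -Eq '(keystorePass|truststorePass|certificateKeystorePassword|truststorePassword)[[:space:]]*=' "$1"
}

# Prints a verdict; returns 0 = ok, 1 = exposed, 2 = file missing/unreadable.
audit_server_xml() {
    f=$1
    [ -r "$f" ] || { echo "SKIP  $f (missing or unreadable)"; return 2; }
    if is_world_readable "$f" && has_store_passwords "$f"; then
        echo "FAIL  $f is world readable and contains store passwords"
        return 1
    fi
    echo "OK    $f"
    return 0
}

# Run against any paths given on the command line.
for path in "$@"; do
    audit_server_xml "$path" || true
done
```

A FAIL result means the file mode should be tightened so that only the account running Tomcat can read it, and the exposed store passwords should be treated as disclosed to local users.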