Sensitive Information Exposure Vulnerability in Foreman: World Readable Server.xml File Exposes Candlepin Passwords
CVE-2023-4886 · MEDIUM Severity
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
A sensitive information exposure vulnerability was found in Foreman. The contents of Tomcat's server.xml file, which contain the passwords to Candlepin's keystore and truststore, were found to be world readable.
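A local check for the condition described above, as an added example that is not part of the advisory or of Foreman's own code. It takes the path to server.xml as an argument (the advisory gives no path) and looks for Tomcat's `keystorePass`, `truststorePass`, `certificateKeystorePassword` and `truststorePassword` attributes; which of these the Foreman file uses is an assumption.

```shell
# Added example: audit a Tomcat server.xml for the exposure in CVE-2023-4886.
# The file path is an argument; the advisory does not say where the file lives.

# True if the "others" read bit is set on the file.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# True if "others" can traverse every ancestor directory, i.e. an
# unprivileged local user can actually reach the file.
reachable_by_others() {
    dir=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 1
    while :; do
        [ -n "$(find "$dir" -prune -perm -001 2>/dev/null)" ] || return 1
        if [ "$dir" = "/" ]; then return 0; fi
        dir=$(dirname "$dir")
    done
}

# Count Tomcat password attributes without printing their values.
count_password_attrs() {
    { grep -Eo '(keystorePass|truststorePass|certificateKeystorePassword|truststorePassword)[[:space:]]*=' "$1" || true; } |
        wc -l | tr -d ' '
}

# Exit status: 0 = ok, 1 = passwords readable by others, 2 = file missing.
audit_server_xml() {
    file=$1
    [ -f "$file" ] || { echo "MISSING $file"; return 2; }
    n=$(count_password_attrs "$file")
    if [ "$n" -gt 0 ] && is_world_readable "$file"; then
        if reachable_by_others "$file"; then
            echo "EXPOSED $file: $n password attribute(s), world readable"
        else
            echo "AT-RISK $file: $n password attribute(s), world readable, parent directory blocks others"
        fi
        return 1
    fi
    echo "OK $file: $n password attribute(s), not world readable"
}

# With no argument, run against a constructed sample file.
if [ $# -gt 0 ]; then audit_server_xml "$1"; else
    tmp=$(mktemp -d) && chmod 755 "$tmp"
    printf '<Connector keystorePass="constructed" truststorePass="constructed"/>\n' > "$tmp/server.xml"
    chmod 644 "$tmp/server.xml"
    audit_server_xml "$tmp/server.xml" || true
    rm -rf "$tmp"
fi
```

Exit status 1 means the file both carries password attributes and has the others-read bit set; the AT-RISK line marks the case where only a parent directory's permissions keep other local users from reaching it.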