CVE-2022-3287
28.09.2022, 20:15
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| fwupd | fwupd | 𝑥 < 1.8.5 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| fwupd |
| ||||||||||||||||||
| fwupd-bash-completion |
| ||||||||||||||||||
| fwupd-devel |
| ||||||||||||||||||
| fwupd-lang |
| ||||||||||||||||||
| libfwupd2 |
| ||||||||||||||||||
| typelib-1_0-Fwupd-2_0 |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| fwupd |
| ||||||||||||||||||||
| fwupd-devel |
| ||||||||||||||||||||
| fwupd-plugin-flashrom |
|
Common Weakness Enumeration