CVE-2022-3287

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-3287
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3287.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-3287
Related
Published
2022-09-28T20:15:18Z
Modified
2024-10-12T09:44:32.273388Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.

References

Affected packages

Debian:11 / fwupd

Package

Name
fwupd
Purl
pkg:deb/debian/fwupd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.7-4
1.5.7-5
1.7.1-1
1.7.3-1
1.7.4-1
1.7.4-2
1.7.5-1
1.7.5-2
1.7.5-3
1.7.6-1
1.7.7-1
1.8.1-1
1.8.1-2
1.8.2-1
1.8.3-1
1.8.4-1
1.8.4-2
1.8.5-1
1.8.6-1
1.8.6-2
1.8.8-1
1.8.8-2
1.8.8-3
1.8.9-1
1.8.9-2
1.8.9-3
1.8.10-1
1.8.10-2
1.8.11-1
1.8.12-1
1.8.12-2
1.9.1-1
1.9.3-1
1.9.4-1
1.9.4-2
1.9.5-1
1.9.6-1
1.9.7-1
1.9.8-1
1.9.9-1
1.9.9-2
1.9.10-1
1.9.11-1
1.9.12-1
1.9.12-2
1.9.12-3
1.9.12-4
1.9.13-1
1.9.14-1
1.9.14-2
1.9.15-1
1.9.15-2
1.9.16-1
1.9.19-1
1.9.20-1
1.9.21-1
1.9.24-1
1.9.25-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / fwupd

Package

Name
fwupd
Purl
pkg:deb/debian/fwupd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / fwupd

Package

Name
fwupd
Purl
pkg:deb/debian/fwupd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/fwupd/fwupd

Affected ranges

Type
GIT
Repo
https://github.com/fwupd/fwupd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.5.0
0.5.1
0.5.2
0.5.3
0.6.0
0.6.1
0.6.2
0.6.3
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.8.0
0.8.1
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.2.10
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.4.0
1.4.1
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.6.0
1.6.1
1.6.2
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4

Other

fwupd_0_1_0
fwupd_0_1_1
fwupd_0_1_2