CVE-2023-4886

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-4886
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4886.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-4886
Downstream
Published
2023-10-03T15:15:40.737Z
Modified
2026-03-20T12:31:51.292534Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.

References

Affected packages

Git / github.com/theforeman/smart-proxy

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/smart-proxy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4fabeb7ee4e869aa3f96aa1f484ee6a714bda19d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.8.0"
        }
    ]
}

Affected versions

0.*
0.1
0.2
0.2rc2
0.3
0.3.1
1.*
1.0
1.0RC1
1.0RC2
1.1
1.1RC1
1.1RC2
1.1RC3
3.*
3.8.0-rc1
3.8.0-rc2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4886.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0"
            }
        ]
    }
]