CVE-2023-4886

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-4886
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4886.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-4886
Downstream
Published
2023-10-03T14:24:56.342Z
Modified
2026-05-28T04:09:09.696573588Z
Severity
  • 6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Foreman: world readable file containing secrets
Details

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.

Database specific 
{
    "cwe_ids": [
        "CWE-200"
    ],
    "cna_assigner": "redhat",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4886.json"
}
References

Affected packages

Git
github.com/theforeman/foreman

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5fa51142d1c9a579168cbaf1c52acfeaf733e403
Database specific 
{
    "cpe": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.8.0"
        }
    ]
}

Affected versions

0.*
0.1-1
0.1-2
0.1-3
0.1-4
0.1-5
0.1-6
0.2
0.2rc1
0.3
0.4
0.4rc2
0.4rc3
0.4rc4
0.4rc5
1.*
1.0
1.0RC1
1.0RC2
1.0RC3
1.0RC4
1.0RC5
1.1
1.1RC1
1.1RC2
1.1RC3
1.1RC4
1.1RC5
3.*
3.8.0-rc1
3.8.0-rc2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4886.json"
github.com/theforeman/foreman-installer

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman-installer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f426bbf8810e91d5fe4fe6f97131159ff10417a8
Database specific 
{
    "cpe": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.8.0"
        }
    ]
}

Affected versions

1.*
1.0.1
3.*
3.8.0-rc1
3.8.0-rc2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4886.json"
github.com/theforeman/smart-proxy

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/smart-proxy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4fabeb7ee4e869aa3f96aa1f484ee6a714bda19d
Database specific 
{
    "cpe": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.8.0"
        }
    ]
}

Affected versions

0.*
0.1
0.2
0.2rc2
0.3
1.*
1.0
1.0RC1
1.0RC2
1.1
1.1RC1
1.1RC2
1.1RC3
3.*
3.8.0-rc1
3.8.0-rc2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4886.json"