CVE-2024-22037

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 28, 2024
CWE ID 497

Summary

CVE-2024-22037 is a vulnerability affecting the uyuni-server-attestation systemd service. The service requires a database_password environment variable, which is set from a file with permissive 640 permissions. Although hidden from users, this environment variable is still accessible to non-privileged users because systemd exposes it. This poses a potential security risk: a disclosed database password could result in unauthorized access to the server and subsequent data breaches.
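A way to audit for the same condition, as an added example that is not code from this page or from the Uyuni project: the function below reads systemd unit or drop-in text on stdin and prints the names of secret-looking variables assigned with `Environment=`. The sample unit, the placeholder value, and the name heuristic (pass, secret, token, key) are constructed assumptions.

```shell
#!/bin/sh
# Added example. Flags variables whose names look like secrets when they are
# assigned with Environment= in systemd unit text read from stdin.
find_env_secrets() {
  awk '
    # Only real directives match; commented-out lines start with "#".
    /^[ \t]*Environment=/ {
      rest = $0
      sub(/^[ \t]*Environment=/, "", rest)
      # Walk the assignments, honouring single or double quotes around each.
      while (length(rest) > 0) {
        sub(/^[ \t]+/, "", rest)
        if (rest == "") break
        q = substr(rest, 1, 1)
        if (q == "\"" || q == "\047") {
          rest = substr(rest, 2)
          stop = index(rest, q)
          if (stop == 0) stop = length(rest) + 1   # unterminated quote
          tok = substr(rest, 1, stop - 1)
          rest = substr(rest, stop + 1)
        } else {
          stop = match(rest, /[ \t]/)
          if (stop == 0) stop = length(rest) + 1
          tok = substr(rest, 1, stop - 1)
          rest = substr(rest, stop)
        }
        eq = index(tok, "=")
        if (eq < 2) continue                       # not a NAME=value pair
        name = substr(tok, 1, eq - 1)
        # Heuristic name match (assumption); print the name, never the value.
        if (tolower(name) ~ /pass|secret|token|key/) print name
      }
    }
  '
}

# Constructed sample drop-in; the value is a placeholder, not a real secret.
sample_unit() {
  cat <<'EOF'
[Service]
Environment="LANG=C" database_password=EXAMPLE-NOT-A-REAL-SECRET
# Environment=old_password=unused
Environment='JAVA_OPTS=-Xmx256m -Dfoo=bar'
ExecStart=/usr/bin/example-daemon
EOF
}
```

systemd.exec(5) recommends passing secrets to services as credentials (for example `LoadCredential=`) rather than as environment variables, so a hit from this check marks a unit to migrate.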
