Description
Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.
References (1)
Core References
Vendor Advisory x_refsource_confirm
http://theforeman.org/security.html
Scores
EPSS: 0.0010
EPSS Percentile: 27.1%
Details
CWE: CWE-264
Status: published
Products (42)
rubygems/kafo: 0 - 0.3.17 (RubyGems)
theforeman/kafo: 0.0.1
theforeman/kafo: 0.0.2
theforeman/kafo: 0.0.3
theforeman/kafo: 0.0.4
theforeman/kafo: 0.0.5
theforeman/kafo: 0.0.6
theforeman/kafo: 0.0.7
theforeman/kafo: 0.0.8
theforeman/kafo: 0.0.9
... and 32 more
Published: May 08, 2014
Tracked Since: Feb 18, 2026