CVE-2016-6349

LOW

oci-register-machine - Unauthenticated Exposure of Sensitive Information via machinectl Command

Title source: llm
STIX 2.1

Description

The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/07/26/9
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1360634
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/10/13/7
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92143

Scores

CVSS v3 3.3
EPSS 0.0040
EPSS Percentile 31.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
projectatomic/oci-register-machine
Published Mar 29, 2017
Tracked Since Feb 18, 2026