| |
Vulnerability CVE-2022-3287
Published: 2022-09-28
Description: |
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. |
References: |
https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091
|
|
|
Copyright 2024, cxsecurity.com
|
|
|