Main Vulnerability Database SB2016101947

SB2016101947 - Information disclosure in Red Hat Ceph Storage 2

Published: October 19, 2016 Updated: April 24, 2025

Security Bulletin ID SB2016101947

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2016-7062)

The vulnerability allows a local user to access potentially sensitive information on the target system.
The weakness is due to supplying of the "rhscon-core" password in plain text as a command line parameter that allows attacker to view the password.
Successful exploitation of the vulnerabilty results in disclosure of important data on the vulnerable system.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2016:2082