CVE-2012-0059

medium

Description

A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords.

References

https://access.redhat.com/security/cve/CVE-2012-0059

http://rhn.redhat.com/errata/RHSA-2012-0102.html

http://rhn.redhat.com/errata/RHSA-2012-0101.html

Details

Source: Mitre, NVD

Published: 2014-02-05

Updated: 2026-04-03

Risk Information

CVSS v2

Base Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.9

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00229