Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.
References
Configurations
History
13 Feb 2023, 00:47
Type | Values Removed | Values Added |
---|---|---|
Summary | Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file. | |
References |
|
02 Feb 2023, 16:16
Type | Values Removed | Values Added |
---|---|---|
Summary | It was discovered that the Thermostat web application stored database authentication credentials in a world-readable configuration file. A local user on a system running the Thermostat web application could use this flaw to access and modify monitored JVM data, or perform actions on connected JVMs. | |
References |
|
Information
Published : 2015-06-08 14:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-3201
Mitre link : CVE-2015-3201
CVE.ORG link : CVE-2015-3201
JSON object : View
Products Affected
redhat
- thermostat
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor