Fwupd
Monthly
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.