CVE-2012-5616

{"id": "CVE-2012-5616", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.5, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 2.7, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-01-22T23:55:02.887", "references": [{"url": "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565%40stratosec.co%3E", "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/89070", "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/89146", "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/89147", "source": "secalert@redhat.com"}, {"url": "http://seclists.org/fulldisclosure/2013/Jan/65", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/51366", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/51821", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/51827", "source": "secalert@redhat.com"}, {"url": "http://support.citrix.com/article/CTX136163", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/57225", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/57259", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1027978", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API."}, {"lang": "es", "value": "CloudStack Apache v4.0.0-incubaci\u00f3n y Citrix CloudPlatform (anteriormente Citrix CloudStack ) anterior a v3.0.6 almacena informaci\u00f3n sensible en el archivo de registro log4j.conf, lo que permite a usuarios locales obtener (1) la clave privada SSH registradas por la API createSSHKeyPair, (2) la contrase\u00f1a de un host agregado registrada por la API AddHost, o la contrase\u00f1a de un VM a\u00f1adido seg\u00fan los registrado por el DeployVM (3) o (4) API ResetPasswordForVM."}], "lastModified": "2023-11-07T02:12:37.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:cloudstack:4.0.0:incubating:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA46B1B9-FCD7-4F3D-88E6-95B1A5A0497C"}, {"criteria": "cpe:2.3:a:citrix:cloudplatform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7802906-7538-4434-B1F9-89C10ECE8A3E", "versionEndIncluding": "3.0.5"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}