CVE-2022-3287

Published September 28th, 2022

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.

fwupd/fwupd

A system daemon to allow session software to update firmware

GitHub

4.02K