Vulnerability-Lookup

CVE-2016-7062 (GCVE-0-2016-7062)

Vulnerability from cvelistv5 – Published: 2017-06-27 20:00 – Updated: 2024-08-06 01:50

Summary

rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

CNVD-2016-10361

Vulnerability from cnvd - Published: 2016-10-31

Title

Red Hat Storage Console本地信息泄露漏洞

Description

Red Hat Storage server是一款Gluster集群文件系统的存储服务器。 Red Hat Storage Console存在本地信息泄露漏洞，攻击者可利用漏洞获得敏感信息。

Severity

低

Patch Name

Red Hat Storage Console本地信息泄露漏洞的补丁

Patch Description

Red Hat Storage server是一款Gluster集群文件系统的存储服务器。 Red Hat Storage Console存在本地信息泄露漏洞，攻击者可利用漏洞获得敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： https://access.redhat.com/errata/RHSA-2016:2082

Reference

http://www.securityfocus.com/bid/93796

Impacted products

Name
Red Hat Storage server

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": [
      {
        "bidNumber": "93796"
      },
      {
        "bidNumber": "93796"
      }
    ]
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-7062"
    }
  },
  "description": "Red Hat Storage server\u662f\u4e00\u6b3eGluster\u96c6\u7fa4\u6587\u4ef6\u7cfb\u7edf\u7684\u5b58\u50a8\u670d\u52a1\u5668\u3002 \r\n\r\nRed Hat Storage Console\u5b58\u5728\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Red Hat",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://access.redhat.com/errata/RHSA-2016:2082",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10361",
  "openTime": "2016-10-31",
  "patchDescription": "Red Hat Storage server\u662f\u4e00\u6b3eGluster\u96c6\u7fa4\u6587\u4ef6\u7cfb\u7edf\u7684\u5b58\u50a8\u670d\u52a1\u5668\u3002 \r\n\r\nRed Hat Storage Console\u5b58\u5728\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Red Hat Storage Console\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Red Hat Storage server"
  },
  "referenceLink": "http://www.securityfocus.com/bid/93796",
  "serverity": "\u4f4e",
  "submitTime": "2016-10-26",
  "title": "Red Hat Storage Console\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

RHSA-2016:2082

Vulnerability from csaf_redhat - Published: 2016-10-19 14:59 - Updated: 2025-11-21 17:57

Summary

Red Hat Security Advisory: Red Hat Storage Console 2 security and bug fix update

Notes

Topic

An update is now available for Red Hat Storage Console 2 for Red Hat Enteprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat Storage Console is a new Red Hat offering for storage administrators that provides a graphical management platform for Red Hat Ceph Storage 2. Red Hat Storage Console allows users to install, monitor, and manage a Red Hat Ceph Storage cluster. Security Fix(es): * A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password. (CVE-2016-7062) Bug Fix(es): * Previously, the PG was calculated on per pool basis instead of cluster level. With this fix, automatic calculation of PGs is disabled and the Ceph PG calculator is used to calculate the PG values per OSD to keep the cluster in healthy state. (BZ#1366577, BZ#1375538) * Issuing a command to compact its data store during a rolling upgrade renders the Ceph monitors unresponsive. To avoid this behavior, skip the command to compact the data store during a rolling upgrade. As a result, the Ceph monitors are responsive.(BZ#1372481) * Rolling upgrade fails when a custom cluster name other than 'ceph' is used and causes the ceph-ansible play to abort. With this fix, include the flags to indicate the cluster name, defaulting to 'ceph' when unspecified and the Ansible playbook succeeds with custom cluster names.(BZ#1373919) * Previously, pools list in Console displayed incorrect storage utilization and capacity data due to multiple CRUSH hierarchies. With this fix, the pools list in Console displays the correct storage utilization and capacity data.(BZ#1358267) * Previously, the CPU utilization chart displayed only the user processes CPU utilization and omitted system CPU utilization. With this fix, the CPU utilization chart displays the combined user and system CPU utilization percentage.(BZ#1358461) * A full-duplex channel is available for communication in both directions simultaneously and hence the effective bandwidth is twice the actual bandwidth. With this update, this has been modified, and the network utilization is now calculated properly.(BZ#1366242) * In the Host list page, incorrect chart data was displayed in utilization charts. With this fix, the chart displays correct data. (BZ#1358270) * Previously, Calamari failed to reflect the correct values for OSD status. With this update, the issue has been fixed and the dashboard displays the correct, real time OSD status.(BZ#1359129) * Previously, the text on the Add Storage tab was confusing due to unclear description regarding the storage type. With this fix, the text has been updated and a short description about the pools and RBDs is provided to ensure there is no ambiguity.(BZ#1365983) * Previously, while importing a cluster with collocated journals, the journal size used to incorrectly populate in the MongoDB database. With this fix, the journal size and the journal path is displayed correctly in the OSD summary of the Host OSDs tab.(BZ#1365998) * Previously, the clusters list in the console incorrectly depicted IOPS in units. With this fix, all the IOPS units are removed to correctly show the IOPS in the numeric count.(BZ#1366048) * While checking the cluster system performance, the selection of any elapsed hour range inappropriately displayed tick marks on both the elapsed hour(s) range. With this fix, the console displays system performance graph with a tick mark only on the selected elapsed hour(s).(BZ#1366081) * The journal device details did not synchronize as expected during pool creation and importing cluster workflows. This behavior is now fixed to fetch the actual device details for OSD journals and displays as expected in the UI.(BZ#1342969) All users of Red Hat Storage Console are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Storage Console 2 for Red Hat Enteprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Storage Console is a new Red Hat offering for storage administrators that provides a graphical management platform for Red Hat Ceph Storage 2. Red Hat Storage Console allows users to install, monitor, and manage a Red Hat Ceph Storage cluster.\n\nSecurity Fix(es):\n\n* A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password. (CVE-2016-7062)\n\nBug Fix(es):\n\n* Previously, the PG was calculated on per pool basis instead of cluster level. With this fix, automatic calculation of PGs is disabled and the Ceph PG calculator is used to calculate the PG values per OSD to keep the cluster in healthy state. (BZ#1366577, BZ#1375538)\n\n* Issuing a command to compact its data store during a rolling upgrade renders the Ceph monitors unresponsive. To avoid this behavior, skip the command to compact the data store during a rolling upgrade. As a result, the Ceph monitors are responsive.(BZ#1372481)\n\n* Rolling upgrade fails when a custom cluster name other than \u0027ceph\u0027 is used and causes the ceph-ansible play to abort. With this fix, include the flags to indicate the cluster name, defaulting to \u0027ceph\u0027 when unspecified and the Ansible playbook succeeds with custom cluster names.(BZ#1373919)\n\n* Previously, pools list in Console displayed incorrect storage utilization and capacity data due to multiple CRUSH hierarchies. With this fix, the pools list in Console displays the correct storage utilization and capacity data.(BZ#1358267)\n\n* Previously, the CPU utilization chart displayed only the user processes CPU utilization and omitted system CPU utilization. With this fix, the CPU utilization chart displays the combined user and system CPU utilization percentage.(BZ#1358461)\n\n* A full-duplex channel is available for communication in both directions simultaneously and hence the effective bandwidth is twice the actual bandwidth. With this update, this has been modified, and the network utilization is now calculated properly.(BZ#1366242)\n\n* In the Host list page, incorrect chart data was displayed in utilization charts. With this fix, the chart displays correct data. (BZ#1358270)\n\n* Previously, Calamari failed to reflect the correct values for OSD status. With this update, the issue has been fixed and the dashboard displays the correct, real time OSD status.(BZ#1359129)\n\n* Previously, the text on the Add Storage tab was confusing due to unclear description regarding the storage type. With this fix, the text has been updated and a short description about the pools and RBDs is provided to ensure there is no ambiguity.(BZ#1365983)\n\n* Previously, while importing a cluster with collocated journals, the journal size used to incorrectly populate in the MongoDB database. With this fix, the journal size and the journal path is displayed correctly in the OSD summary of the Host OSDs tab.(BZ#1365998)\n\n* Previously, the clusters list in the console incorrectly depicted IOPS in units. With this fix, all the IOPS units are removed to correctly show the IOPS in the numeric count.(BZ#1366048)\n\n* While checking the cluster system performance, the selection of any elapsed hour range inappropriately displayed tick marks on both the elapsed hour(s) range. With this fix, the console displays system performance graph with a tick mark only on the selected elapsed hour(s).(BZ#1366081)\n\n* The journal device details did not synchronize as expected during pool creation and importing cluster workflows. This behavior is now fixed to fetch the actual device details for OSD journals and displays as expected in the UI.(BZ#1342969)\n\nAll users of Red Hat Storage Console are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2016:2082",
        "url": "https://access.redhat.com/errata/RHSA-2016:2082"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1342969",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342969"
      },
      {
        "category": "external",
        "summary": "1346379",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346379"
      },
      {
        "category": "external",
        "summary": "1358267",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358267"
      },
      {
        "category": "external",
        "summary": "1358270",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358270"
      },
      {
        "category": "external",
        "summary": "1358461",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358461"
      },
      {
        "category": "external",
        "summary": "1358832",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358832"
      },
      {
        "category": "external",
        "summary": "1359129",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359129"
      },
      {
        "category": "external",
        "summary": "1365983",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365983"
      },
      {
        "category": "external",
        "summary": "1365998",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365998"
      },
      {
        "category": "external",
        "summary": "1366048",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366048"
      },
      {
        "category": "external",
        "summary": "1366081",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366081"
      },
      {
        "category": "external",
        "summary": "1366242",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366242"
      },
      {
        "category": "external",
        "summary": "1366577",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366577"
      },
      {
        "category": "external",
        "summary": "1366620",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366620"
      },
      {
        "category": "external",
        "summary": "1371496",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371496"
      },
      {
        "category": "external",
        "summary": "1371848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371848"
      },
      {
        "category": "external",
        "summary": "1372481",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372481"
      },
      {
        "category": "external",
        "summary": "1373919",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373919"
      },
      {
        "category": "external",
        "summary": "1375538",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375538"
      },
      {
        "category": "external",
        "summary": "1375972",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375972"
      },
      {
        "category": "external",
        "summary": "1381681",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2082.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Storage Console 2 security and bug fix update",
    "tracking": {
      "current_release_date": "2025-11-21T17:57:56+00:00",
      "generator": {
        "date": "2025-11-21T17:57:56+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2016:2082",
      "initial_release_date": "2016-10-19T14:59:44+00:00",
      "revision_history": [
        {
          "date": "2016-10-19T14:59:44+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2017-04-18T15:29:02+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:57:56+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Storage Console Installer 2",
                "product": {
                  "name": "Red Hat Storage Console Installer 2",
                  "product_id": "7Server-RH7-RHSCON-INSTALLER-2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhscon:2::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Storage Console Agent 2",
                "product": {
                  "name": "Red Hat Storage Console Agent 2",
                  "product_id": "7Server-RH7-RHSCON-AGENT-2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhscon:2::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Storage Console Main 2",
                "product": {
                  "name": "Red Hat Storage Console Main 2",
                  "product_id": "7Server-RH7-RHSCON-MAIN-2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhscon:2::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Storage Console"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ceph-installer-0:1.0.15-2.el7scon.noarch",
                "product": {
                  "name": "ceph-installer-0:1.0.15-2.el7scon.noarch",
                  "product_id": "ceph-installer-0:1.0.15-2.el7scon.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-installer@1.0.15-2.el7scon?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
                "product": {
                  "name": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
                  "product_id": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhscon-agent@0.0.19-1.el7scon?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
                "product": {
                  "name": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
                  "product_id": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-ansible@1.0.5-34.el7scon?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "salt-selinux-0:0.0.45-1.el7scon.noarch",
                "product": {
                  "name": "salt-selinux-0:0.0.45-1.el7scon.noarch",
                  "product_id": "salt-selinux-0:0.0.45-1.el7scon.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/salt-selinux@0.0.45-1.el7scon?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
                "product": {
                  "name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
                  "product_id": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhscon-core-selinux@0.0.45-1.el7scon?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
                "product": {
                  "name": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
                  "product_id": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/carbon-selinux@0.0.45-1.el7scon?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
                "product": {
                  "name": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
                  "product_id": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhscon-ui@0.0.60-1.el7scon?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ceph-installer-0:1.0.15-2.el7scon.src",
                "product": {
                  "name": "ceph-installer-0:1.0.15-2.el7scon.src",
                  "product_id": "ceph-installer-0:1.0.15-2.el7scon.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-installer@1.0.15-2.el7scon?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhscon-agent-0:0.0.19-1.el7scon.src",
                "product": {
                  "name": "rhscon-agent-0:0.0.19-1.el7scon.src",
                  "product_id": "rhscon-agent-0:0.0.19-1.el7scon.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhscon-agent@0.0.19-1.el7scon?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-ansible-0:1.0.5-34.el7scon.src",
                "product": {
                  "name": "ceph-ansible-0:1.0.5-34.el7scon.src",
                  "product_id": "ceph-ansible-0:1.0.5-34.el7scon.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-ansible@1.0.5-34.el7scon?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhscon-ceph-0:0.0.43-1.el7scon.src",
                "product": {
                  "name": "rhscon-ceph-0:0.0.43-1.el7scon.src",
                  "product_id": "rhscon-ceph-0:0.0.43-1.el7scon.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhscon-ceph@0.0.43-1.el7scon?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhscon-core-0:0.0.45-1.el7scon.src",
                "product": {
                  "name": "rhscon-core-0:0.0.45-1.el7scon.src",
                  "product_id": "rhscon-core-0:0.0.45-1.el7scon.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhscon-core@0.0.45-1.el7scon?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhscon-ui-0:0.0.60-1.el7scon.src",
                "product": {
                  "name": "rhscon-ui-0:0.0.60-1.el7scon.src",
                  "product_id": "rhscon-ui-0:0.0.60-1.el7scon.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhscon-ui@0.0.60-1.el7scon?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
                "product": {
                  "name": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
                  "product_id": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhscon-ceph@0.0.43-1.el7scon?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
                "product": {
                  "name": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
                  "product_id": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhscon-ceph-debuginfo@0.0.43-1.el7scon?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
                "product": {
                  "name": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
                  "product_id": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhscon-core@0.0.45-1.el7scon?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
                "product": {
                  "name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
                  "product_id": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhscon-core-debuginfo@0.0.45-1.el7scon?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "carbon-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
          "product_id": "7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch"
        },
        "product_reference": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
        "relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhscon-agent-0:0.0.19-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
          "product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch"
        },
        "product_reference": "rhscon-agent-0:0.0.19-1.el7scon.noarch",
        "relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhscon-agent-0:0.0.19-1.el7scon.src as a component of Red Hat Storage Console Agent 2",
          "product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src"
        },
        "product_reference": "rhscon-agent-0:0.0.19-1.el7scon.src",
        "relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhscon-core-0:0.0.45-1.el7scon.src as a component of Red Hat Storage Console Agent 2",
          "product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src"
        },
        "product_reference": "rhscon-core-0:0.0.45-1.el7scon.src",
        "relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhscon-core-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Agent 2",
          "product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64"
        },
        "product_reference": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Agent 2",
          "product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64"
        },
        "product_reference": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
          "product_id": "7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch"
        },
        "product_reference": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
        "relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Agent 2",
          "product_id": "7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
        },
        "product_reference": "salt-selinux-0:0.0.45-1.el7scon.noarch",
        "relates_to_product_reference": "7Server-RH7-RHSCON-AGENT-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-ansible-0:1.0.5-34.el7scon.noarch as a component of Red Hat Storage Console Installer 2",
          "product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch"
        },
        "product_reference": "ceph-ansible-0:1.0.5-34.el7scon.noarch",
        "relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-ansible-0:1.0.5-34.el7scon.src as a component of Red Hat Storage Console Installer 2",
          "product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src"
        },
        "product_reference": "ceph-ansible-0:1.0.5-34.el7scon.src",
        "relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-installer-0:1.0.15-2.el7scon.noarch as a component of Red Hat Storage Console Installer 2",
          "product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch"
        },
        "product_reference": "ceph-installer-0:1.0.15-2.el7scon.noarch",
        "relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-installer-0:1.0.15-2.el7scon.src as a component of Red Hat Storage Console Installer 2",
          "product_id": "7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src"
        },
        "product_reference": "ceph-installer-0:1.0.15-2.el7scon.src",
        "relates_to_product_reference": "7Server-RH7-RHSCON-INSTALLER-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "carbon-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
          "product_id": "7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch"
        },
        "product_reference": "carbon-selinux-0:0.0.45-1.el7scon.noarch",
        "relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhscon-ceph-0:0.0.43-1.el7scon.src as a component of Red Hat Storage Console Main 2",
          "product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src"
        },
        "product_reference": "rhscon-ceph-0:0.0.43-1.el7scon.src",
        "relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
          "product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64"
        },
        "product_reference": "rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
          "product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64"
        },
        "product_reference": "rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhscon-core-0:0.0.45-1.el7scon.src as a component of Red Hat Storage Console Main 2",
          "product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src"
        },
        "product_reference": "rhscon-core-0:0.0.45-1.el7scon.src",
        "relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhscon-core-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
          "product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64"
        },
        "product_reference": "rhscon-core-0:0.0.45-1.el7scon.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64 as a component of Red Hat Storage Console Main 2",
          "product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64"
        },
        "product_reference": "rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
          "product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch"
        },
        "product_reference": "rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
        "relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhscon-ui-0:0.0.60-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
          "product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch"
        },
        "product_reference": "rhscon-ui-0:0.0.60-1.el7scon.noarch",
        "relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhscon-ui-0:0.0.60-1.el7scon.src as a component of Red Hat Storage Console Main 2",
          "product_id": "7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src"
        },
        "product_reference": "rhscon-ui-0:0.0.60-1.el7scon.src",
        "relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-selinux-0:0.0.45-1.el7scon.noarch as a component of Red Hat Storage Console Main 2",
          "product_id": "7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
        },
        "product_reference": "salt-selinux-0:0.0.45-1.el7scon.noarch",
        "relates_to_product_reference": "7Server-RH7-RHSCON-MAIN-2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-7062",
      "cwe": {
        "id": "CWE-214",
        "name": "Invocation of Process Using Visible Sensitive Information"
      },
      "discovery_date": "2016-09-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1381681"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rhscon-ceph: password leak by command line parameter",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
          "7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch",
          "7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src",
          "7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src",
          "7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
          "7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
          "7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
          "7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch",
          "7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch",
          "7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src",
          "7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch",
          "7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src",
          "7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
          "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src",
          "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
          "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
          "7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src",
          "7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
          "7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
          "7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
          "7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch",
          "7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src",
          "7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-7062"
        },
        {
          "category": "external",
          "summary": "RHBZ#1381681",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-7062"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7062",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7062"
        }
      ],
      "release_date": "2016-06-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-19T14:59:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
            "7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch",
            "7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src",
            "7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src",
            "7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
            "7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
            "7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
            "7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch",
            "7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch",
            "7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src",
            "7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch",
            "7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src",
            "7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src",
            "7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2082"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHSCON-AGENT-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
            "7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.noarch",
            "7Server-RH7-RHSCON-AGENT-2:rhscon-agent-0:0.0.19-1.el7scon.src",
            "7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.src",
            "7Server-RH7-RHSCON-AGENT-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
            "7Server-RH7-RHSCON-AGENT-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
            "7Server-RH7-RHSCON-AGENT-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
            "7Server-RH7-RHSCON-AGENT-2:salt-selinux-0:0.0.45-1.el7scon.noarch",
            "7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.noarch",
            "7Server-RH7-RHSCON-INSTALLER-2:ceph-ansible-0:1.0.5-34.el7scon.src",
            "7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.noarch",
            "7Server-RH7-RHSCON-INSTALLER-2:ceph-installer-0:1.0.15-2.el7scon.src",
            "7Server-RH7-RHSCON-MAIN-2:carbon-selinux-0:0.0.45-1.el7scon.noarch",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.src",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-0:0.0.43-1.el7scon.x86_64",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-ceph-debuginfo-0:0.0.43-1.el7scon.x86_64",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.src",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-core-0:0.0.45-1.el7scon.x86_64",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-core-debuginfo-0:0.0.45-1.el7scon.x86_64",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-core-selinux-0:0.0.45-1.el7scon.noarch",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.noarch",
            "7Server-RH7-RHSCON-MAIN-2:rhscon-ui-0:0.0.60-1.el7scon.src",
            "7Server-RH7-RHSCON-MAIN-2:salt-selinux-0:0.0.45-1.el7scon.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rhscon-ceph: password leak by command line parameter"
    }
  ]
}

GSD-2016-7062

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.

Aliases

CVE-2016-7062

Aliases

CVE-2016-7062

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-7062",
    "description": "rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.",
    "id": "GSD-2016-7062",
    "references": [
      "https://access.redhat.com/errata/RHSA-2016:2082"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-7062"
      ],
      "details": "rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.",
      "id": "GSD-2016-7062",
      "modified": "2023-12-13T01:21:20.908026Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-7062",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "93796",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93796"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
          },
          {
            "name": "1037062",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037062"
          },
          {
            "name": "RHSA-2016:2082",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2016:2082"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:storage_console:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:storage_console_node:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7062"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
            },
            {
              "name": "RHSA-2016:2082",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:2082"
            },
            {
              "name": "1037062",
              "refsource": "SECTRACK",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.securitytracker.com/id/1037062"
            },
            {
              "name": "93796",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93796"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-07-05T16:39Z",
      "publishedDate": "2017-06-27T20:29Z"
    }
  }
}

GHSA-5WQW-HJ4W-M539

Vulnerability from github – Published: 2022-05-17 02:36 – Updated: 2022-05-17 02:36

Details

rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-7062"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-27T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.",
  "id": "GHSA-5wqw-hj4w-m539",
  "modified": "2022-05-17T02:36:11Z",
  "published": "2022-05-17T02:36:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7062"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2016:2082"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93796"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037062"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-7062

Vulnerability from fkie_nvd - Published: 2017-06-27 20:29 - Updated: 2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/93796	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1037062	Mailing List, Third Party Advisory
cve@mitre.org	https://access.redhat.com/errata/RHSA-2016:2082	Vendor Advisory
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=1381681	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93796	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037062	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2016:2082	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1381681	Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	redhat	storage_console	2.0
	redhat	storage_console_node	2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:storage_console:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E916298F-E4F3-49FB-92DA-C92013188C44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:storage_console_node:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E444D421-A946-44BB-A12E-69E68EAD25DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext."
    },
    {
      "lang": "es",
      "value": "rhscon-ceph en Red Hat Storage Console 2 x86_64 y Red Hat Storage Console Node 2 x86_64 permite a los usuarios locales obtener la contrase\u00f1a como texto sin cifrar."
    }
  ],
  "id": "CVE-2016-7062",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-27T20:29:00.933",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93796"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.securitytracker.com/id/1037062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2016:2082"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.securitytracker.com/id/1037062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2016:2082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381681"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-7062 (GCVE-0-2016-7062)

CNVD-2016-10361

RHSA-2016:2082

GSD-2016-7062

GHSA-5WQW-HJ4W-M539

FKIE_CVE-2016-7062

Tags

Sightings

Nomenclature