Vulnerability Details CVE-2019-3816
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://bugzilla.suse.com/show_bug.cgi?id=1122623
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html
- http://www.securityfocus.com/bid/107368
- http://www.securityfocus.com/bid/107409
- https://access.redhat.com/errata/RHSA-2019:0638
- https://access.redhat.com/errata/RHSA-2019:0972
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3816
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2HEZ7D7GF3HDF36JLGYXIK5URR66DS4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXQP7UDPRZIZ4LM7FEJCTC2EDUYVOR2J/
- http://bugzilla.suse.com/show_bug.cgi?id=1122623
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html
- http://www.securityfocus.com/bid/107368
- http://www.securityfocus.com/bid/107409
- https://access.redhat.com/errata/RHSA-2019:0638
- https://access.redhat.com/errata/RHSA-2019:0972
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3816
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2HEZ7D7GF3HDF36JLGYXIK5URR66DS4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXQP7UDPRZIZ4LM7FEJCTC2EDUYVOR2J/
Products affected by CVE-2019-3816
-
cpe:2.3:a:openwsman_project:openwsman:2.2.3
-
cpe:2.3:a:openwsman_project:openwsman:2.2.4
-
cpe:2.3:a:openwsman_project:openwsman:2.2.5
-
cpe:2.3:a:openwsman_project:openwsman:2.2.6
-
cpe:2.3:a:openwsman_project:openwsman:2.2.7
-
cpe:2.3:a:openwsman_project:openwsman:2.3.0
-
cpe:2.3:a:openwsman_project:openwsman:2.3.1
-
cpe:2.3:a:openwsman_project:openwsman:2.3.2
-
cpe:2.3:a:openwsman_project:openwsman:2.3.3
-
cpe:2.3:a:openwsman_project:openwsman:2.3.4
-
cpe:2.3:a:openwsman_project:openwsman:2.3.5
-
cpe:2.3:a:openwsman_project:openwsman:2.3.6
-
cpe:2.3:a:openwsman_project:openwsman:2.3.7
-
cpe:2.3:a:openwsman_project:openwsman:2.4.0
-
cpe:2.3:a:openwsman_project:openwsman:2.4.1
-
cpe:2.3:a:openwsman_project:openwsman:2.4.10
-
cpe:2.3:a:openwsman_project:openwsman:2.4.11
-
cpe:2.3:a:openwsman_project:openwsman:2.4.12
-
cpe:2.3:a:openwsman_project:openwsman:2.4.13
-
cpe:2.3:a:openwsman_project:openwsman:2.4.14
-
cpe:2.3:a:openwsman_project:openwsman:2.4.15
-
cpe:2.3:a:openwsman_project:openwsman:2.4.2
-
cpe:2.3:a:openwsman_project:openwsman:2.4.3
-
cpe:2.3:a:openwsman_project:openwsman:2.4.4
-
cpe:2.3:a:openwsman_project:openwsman:2.4.5
-
cpe:2.3:a:openwsman_project:openwsman:2.4.6
-
cpe:2.3:a:openwsman_project:openwsman:2.4.7
-
cpe:2.3:a:openwsman_project:openwsman:2.4.8
-
cpe:2.3:a:openwsman_project:openwsman:2.4.9
-
cpe:2.3:a:openwsman_project:openwsman:2.5.0
-
cpe:2.3:a:openwsman_project:openwsman:2.5.1
-
cpe:2.3:a:openwsman_project:openwsman:2.5.2
-
cpe:2.3:a:openwsman_project:openwsman:2.6.0
-
cpe:2.3:a:openwsman_project:openwsman:2.6.1
-
cpe:2.3:a:openwsman_project:openwsman:2.6.2
-
cpe:2.3:a:openwsman_project:openwsman:2.6.3
-
cpe:2.3:a:openwsman_project:openwsman:2.6.4
-
cpe:2.3:a:openwsman_project:openwsman:2.6.5
-
cpe:2.3:a:openwsman_project:openwsman:2.6.6
-
cpe:2.3:a:openwsman_project:openwsman:2.6.7
-
cpe:2.3:a:openwsman_project:openwsman:2.6.8
-
cpe:2.3:a:openwsman_project:openwsman:2.6.9
-
cpe:2.3:o:fedoraproject:fedora:28
-
cpe:2.3:o:fedoraproject:fedora:29
-
cpe:2.3:o:fedoraproject:fedora:30
-
cpe:2.3:o:opensuse:leap:15.0
-
cpe:2.3:o:opensuse:leap:42.3
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
-
cpe:2.3:o:redhat:enterprise_linux_eus:8.1
-
cpe:2.3:o:redhat:enterprise_linux_eus:8.2
-
cpe:2.3:o:redhat:enterprise_linux_eus:8.4
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4
-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0