CVE-2019-3816

Openwsman versions up to and including 2.6.9 are vulnerable to arbitrary file disclosure because the working directory of the openwsmand daemon was set to the root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to the openwsman server.

Published: 2019-03-14 22:29
Updated: 2019-05-07 07:29

CVSS Score: 5.0 / 10
| Vendor | Product | Version | URI |
|---|---|---|---|
| Openwsman Project | Openwsman | 2.6.9 | cpe:/a:openwsman_project:openwsman:2.6.9 |
| Fedoraproject | Fedora | 28 | cpe:/o:fedoraproject:fedora:28 |
| Fedoraproject | Fedora | 29 | cpe:/o:fedoraproject:fedora:29 |
| Redhat | Enterprise Linux Desktop | 7.0 | cpe:/o:redhat:enterprise_linux_desktop:7.0 |
| Redhat | Enterprise Linux Server | 7.0 | cpe:/o:redhat:enterprise_linux_server:7.0 |
| Redhat | Enterprise Linux Server Aus | 7.6 | cpe:/o:redhat:enterprise_linux_server_aus:7.6 |
| Redhat | Enterprise Linux Server Eus | 7.6 | cpe:/o:redhat:enterprise_linux_server_eus:7.6 |
| Redhat | Enterprise Linux Server Tus | 7.6 | cpe:/o:redhat:enterprise_linux_server_tus:7.6 |
| Redhat | Enterprise Linux Workstation | 7.0 | cpe:/o:redhat:enterprise_linux_workstation:7.0 |
| Fedoraproject | Fedora | 30 | cpe:/o:fedoraproject:fedora:30 |
| Opensuse | Leap | 15.0 | cpe:/o:opensuse:leap:15.0 |
| Opensuse | Leap | 42.3 | cpe:/o:opensuse:leap:42.3 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-200 | Information Exposure | An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. |

History of changes

Date Event
2019-05-07 07:29
2019-04-17 18:05
2019-04-16 23:29
2019-03-21 16:01
2019-03-15 19:19
2019-03-15 10:29
2019-03-14 22:29 New CVE