CVE-2016-6349

NONE EPSS 31.7%
Published Mar 29, 20179y ago · Modified Jun 17, 20262w ago
Find Similar
Published Mar 29, 2017 9y ago
Last Modified Jun 17, 2026 2w ago

Description

The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.

Threat Intelligence

EPSS Exploit Probability
31.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 1

VendorProductVersionRange
projectatomicoci-register-machine*any

References 5

  • openwall.com http://www.openwall.com/lists/oss-security/2016/07/26/9
    Third Party AdvisoryVDB Entry
  • openwall.com http://www.openwall.com/lists/oss-security/2016/10/13/7
    Mailing ListThird Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/92143
    Third Party AdvisoryVDB Entry
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1360634
    Issue TrackingThird Party Advisory
  • github.com https://github.com/projectatomic/oci-register-machine/pull/22
    Patch

Remediation

  • github.com https://github.com/projectatomic/oci-register-machine/pull/22
    Patch