{"id":"CVE-2022-3287","details":"When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.","modified":"2026-03-14T11:48:05.066393Z","published":"2022-09-28T20:15:18.433Z","related":["ALSA-2023:2487","ALSA-2023:7189","openSUSE-SU-2024:12438-1"],"references":[{"type":"FIX","url":"https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fwupd/fwupd","events":[{"introduced":"0"},{"fixed":"456dcb6a682b3417ed21eea58327273472cdc304"},{"fixed":"ea676855f2119e36d433fbd2ed604039f53b2091"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.8.5"}]}}],"versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.5.0","0.5.1","0.5.2","0.5.3","0.6.0","0.6.1","0.6.2","0.6.3","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.8.0","0.8.1","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5","0.9.6","0.9.7","1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.1.0","1.1.1","1.1.2","1.2.0","1.2.1","1.2.10","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.2.9","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.4.0","1.4.1","1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6","1.5.7","1.6.0","1.6.1","1.6.2","1.7.0","1.7.1","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.8.0","1.8.1","1.8.2","1.8.3","1.8.4","fwupd_0_1_0","fwupd_0_1_1","fwupd_0_1_2"],"database_specific":{"vanir_signatures":[{"deprecated":false,"digest":{"length":6654,"function_hash":"227917478323252753942772574516484288925"},"signature_type":"Function","target":{"function":"main","file":"libfwupdplugin/fu-self-test.c"},"id":"CVE-2022-3287-1b606760","signature_version":"v1","source":"https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091"},{"deprecated":false,"digest":{"line_hashes":["185694364291763376642641409172221107882","233435206009929904409078305488020573124","74499654005614357766165854005290688510","51724551807383385144170535167135777641","277646382442569870382172387158228914313","129557590716005878388210207849088465328","39984794960422302476945206173212967436","96783522183038548586739436693424012024","121505856104040833355480307156763806941","19412089633113111749417454227755956960","109371934755871094335088615757702522254","306565628157472737633719401119601713126","254471677914945781467302013504620918895","160495244318518926839985964936445805787","31970284475940352458706986219287961391","333657930080506697992470144884423918179","242283288313172417285452333850382015749","290613462988412424815698065408901741896","242332176029108878734290747012777413454","197242592975941211741049831712828596721","141270387646378681333192281509487491530","105354130572029313441040541341812459245"],"threshold":0.9},"signature_type":"Line","target":{"file":"libfwupdplugin/fu-plugin.c"},"id":"CVE-2022-3287-6f89733f","signature_version":"v1","source":"https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091"},{"deprecated":false,"digest":{"line_hashes":["172713642334055919252251013068382982774","319513597485738336899299336342497714212","84298258347774728497669159493267459408","154725807124619395619167265059380744563","123196057370551060642552809795984979096","311861332273394396525935250003739303214","10135743727097914286452478474768985291"],"threshold":0.9},"signature_type":"Line","target":{"file":"libfwupdplugin/fu-self-test.c"},"id":"CVE-2022-3287-b43b8230","signature_version":"v1","source":"https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091"},{"deprecated":false,"digest":{"length":613,"function_hash":"215192322070254730145595331785048088985"},"signature_type":"Function","target":{"function":"fu_plugin_set_secure_config_value","file":"libfwupdplugin/fu-plugin.c"},"id":"CVE-2022-3287-d3be6af6","signature_version":"v1","source":"https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3287.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}