There is 1 open security issue in bullseye.
1 issue left for the package maintainer to handle:
- CVE-2022-3287:
(needs triaging)
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
You can find information about how to handle this issue in the security team's documentation.