Description
A flaw was discovered in Cumin where it would log broker authentication
credentials to the Cumin log file. A local user exploiting this flaw could
connect to the broker outside of Cumin's control and perform certain
operations such as scheduling jobs, setting attributes on jobs, as well as
holding, releasing or removing jobs. The user could also use this to,
depending on the defined ACLs of the broker, manipulate message queues and
other privileged operations. (CVE-2011-2925)