Network IPMI before 2020-04-03 does not ensure that the /etc/ipmi_pass file has strong file permissions: the file was created world-readable. Any user with SSH or SCP access to the BMC can read and decode the credentials and escalate to any IPMI user.[…]
https://github.com/openbmc/openbmc/issues/3670
https://lists.ozlabs.org/pipermail/openbmc/2020-June/022020.html
(AFAICT, there is no security page that shows the various CVEs for OpenBMC. Maybe I missed it.)
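
The permission problem described above, as an added example that is not OpenBMC code or part of the original page: a shell check that flags a credential file accessible to group or other, next to a writer that creates the file with mode 0600. The function names are hypothetical, the demo runs on a constructed temporary file rather than the real /etc/ipmi_pass, and `stat -c` is assumed to be available (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: audit and safely write a credential file such as /etc/ipmi_pass.
# Function names are hypothetical; the demo uses a constructed temporary file.

# Octal mode of a file (`stat -c` exists in GNU coreutils and BusyBox).
file_mode() { stat -c '%a' "$1"; }

# 0 = no group/other access, 1 = group/other bits set, 2 = missing/unreadable.
cred_file_is_private() {
    [ -e "$1" ] || return 2
    cfp_mode=$(file_mode "$1") || return 2
    [ $(( 0$cfp_mode & 077 )) -eq 0 ]
}

# Report the state of one credential file; exit status mirrors the check.
audit_cred_file() {
    acf_rc=0
    cred_file_is_private "$1" || acf_rc=$?
    case $acf_rc in
        0) echo "OK: $1 (mode $(file_mode "$1"))" ;;
        1) echo "WEAK: $1 (mode $(file_mode "$1")) is accessible to group/other" ;;
        *) echo "MISSING: $1" ;;
    esac
    return "$acf_rc"
}

# Weak pattern, constructed to reproduce the world-readable result:
# a plain redirect under a typical 022 umask yields a 0644 file.
write_weak() { (umask 022; cat > "$1"); }

# Hardened pattern: create a 0600 temp file beside the target, then rename,
# so the secret is never on disk with wider permissions.
write_private() {
    wp_tmp=$(umask 077; mktemp "$1.XXXXXX") || return 1
    cat > "$wp_tmp" && chmod 600 "$wp_tmp" && mv -f "$wp_tmp" "$1"
}

# Demo on constructed data (never touches the real /etc/ipmi_pass).
demo_dir=$(mktemp -d)
printf 'constructed-secret\n' | write_weak "$demo_dir/ipmi_pass"
audit_cred_file "$demo_dir/ipmi_pass" || true
printf 'constructed-secret\n' | write_private "$demo_dir/ipmi_pass"
audit_cred_file "$demo_dir/ipmi_pass"
rm -rf "$demo_dir"
```

On a BMC, `audit_cred_file /etc/ipmi_pass` gives the same verdict for the real file; a WEAK result on a fixed build means the file was created before the fix and still carries its old mode.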