CVE-2016-4996

Published: Jul 17, 2017Modified: May 13, 2026

7.0

Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console.

Affected (1)

Products: Redhat: Satellite

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Satellite	Version 6.3

Running on/with	Platform Versions
Redhat Enterprise Linux Server	Version 7.0

Related CWEs

References (4)

https://access.redhat.com/errata/RHSA-2018:0336

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1349136

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:0336

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1349136

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.