CVE-2018-1097

Published: Apr 4, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.

Affected (2)

Products: Theforeman: Foreman · Redhat: Satellite

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Theforeman Foreman	Before 1.6.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Satellite	Version 6.4

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

https://access.redhat.com/errata/RHSA-2018:2927

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1561723

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://github.com/theforeman/foreman/pull/5369

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://projects.theforeman.org/issues/22546

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/errata/RHSA-2018:2927

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1561723

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/theforeman/foreman/pull/5369

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://projects.theforeman.org/issues/22546

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.