CVE-2018-1097

Опубликовано: 04 апр. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 4

EPSS Низкий

Описание

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.

Ссылки

https://access.redhat.com/errata/RHSA-2018:2927
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1561723
Issue Tracking
Third Party Advisory
https://github.com/theforeman/foreman/pull/5369
Issue Tracking
Third Party Advisory
https://projects.theforeman.org/issues/22546
Issue Tracking
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2927
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1561723
Issue Tracking
Third Party Advisory
https://github.com/theforeman/foreman/pull/5369
Issue Tracking
Third Party Advisory
https://projects.theforeman.org/issues/22546
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*

Версия до 1.6.1 (исключая)

Конфигурация 2

cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00435

Низкий

8.8 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2018-1097

CVSS3: 7.7

redhat

почти 8 лет назад

CVE-2018-1097

CVSS3: 8.8

debian

почти 8 лет назад

A flaw was found in foreman before 1.16.1. The issue allows users with ...

GHSA-fqv6-g44j-5jx7

CVSS3: 8.8

github

больше 3 лет назад

EPSS

Процентиль: 62%

0.00435

Низкий

8.8 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200