Описание
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.
Ссылки
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
4.9 Medium
CVSS3
4.9 Medium
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.
In Foreman it was discovered that the delete compute resource operatio ...
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.
EPSS
4.9 Medium
CVSS3
4.9 Medium
CVSS3
4 Medium
CVSS2