Description
discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console.
A flaw was found in discovery-debug in Foreman. An attacker with permissions to view the debug results would be able to view the root password associated with that system, potentially allowing them to access it.
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat Ceph Storage 1.3 | foreman | Will not fix | | |
| Red Hat Satellite 6.3 for RHEL 7 | candlepin | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-bootloaders-redhat | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-discovery-image | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-installer | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-proxy | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-selinux | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | hiera | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | katello | Fixed | RHSA-2018:0336 | 21.02.2018 |
Additional information
Status:
EPSS
7.5 High
CVSS3
6.2 Medium
CVSS2