CVE-2017-2672

Опубликовано: 04 апр. 2017

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems.

A flaw was found in foreman's logging during the adding or registering of images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Ceph Storage 1.3	foreman	Will not fix
Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer	foreman	Will not fix
Red Hat Satellite 6.3 for RHEL 7	candlepin	Fixed	RHSA-2018:0336	21.02.2018
Red Hat Satellite 6.3 for RHEL 7	foreman	Fixed	RHSA-2018:0336	21.02.2018
Red Hat Satellite 6.3 for RHEL 7	foreman-bootloaders-redhat	Fixed	RHSA-2018:0336	21.02.2018
Red Hat Satellite 6.3 for RHEL 7	foreman-discovery-image	Fixed	RHSA-2018:0336	21.02.2018
Red Hat Satellite 6.3 for RHEL 7	foreman-installer	Fixed	RHSA-2018:0336	21.02.2018
Red Hat Satellite 6.3 for RHEL 7	foreman-proxy	Fixed	RHSA-2018:0336	21.02.2018
Red Hat Satellite 6.3 for RHEL 7	foreman-selinux	Fixed	RHSA-2018:0336	21.02.2018
Red Hat Satellite 6.3 for RHEL 7	hiera	Fixed	RHSA-2018:0336	21.02.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-312

https://bugzilla.redhat.com/show_bug.cgi?id=1439537foreman: Image password leak

EPSS

Процентиль: 39%

0.00175

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2017-2672

CVSS3: 6.5

nvd

больше 7 лет назад

CVE-2017-2672

CVSS3: 6.5

debian

больше 7 лет назад

A flaw was found in foreman before version 1.15 in the logging of addi ...

GHSA-82j5-w3wh-5hfm

CVSS3: 8.8

github

больше 3 лет назад

EPSS

Процентиль: 39%

0.00175

Низкий

6.5 Medium

CVSS3