Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1097

Опубликовано: 10 фев. 2018
Источник: redhat
CVSS3: 7.7
EPSS Низкий

Описание

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.

Отчет

This issue affects the versions of foreman as shipped with Red Hat Enterprise Satellite 6. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ceph Storage 1.3foremanNot affected
Red Hat Satellite 6.4 for RHEL 7ansiblerole-insights-clientFixedRHSA-2018:292716.10.2018
Red Hat Satellite 6.4 for RHEL 7candlepinFixedRHSA-2018:292716.10.2018
Red Hat Satellite 6.4 for RHEL 7createrepo_cFixedRHSA-2018:292716.10.2018
Red Hat Satellite 6.4 for RHEL 7foremanFixedRHSA-2018:292716.10.2018
Red Hat Satellite 6.4 for RHEL 7foreman-bootloaders-redhatFixedRHSA-2018:292716.10.2018
Red Hat Satellite 6.4 for RHEL 7foreman-installerFixedRHSA-2018:292716.10.2018
Red Hat Satellite 6.4 for RHEL 7foreman-proxyFixedRHSA-2018:292716.10.2018
Red Hat Satellite 6.4 for RHEL 7foreman-selinuxFixedRHSA-2018:292716.10.2018
Red Hat Satellite 6.4 for RHEL 7goferFixedRHSA-2018:292716.10.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1561723foreman: Ovirt admin password exposed by foreman API

EPSS

Процентиль: 62%
0.00435
Низкий

7.7 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-1097

CVSS3: 8.8
nvd
почти 8 лет назад

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.

debian логотип

CVE-2018-1097

CVSS3: 8.8
debian
почти 8 лет назад

A flaw was found in foreman before 1.16.1. The issue allows users with ...

github логотип

GHSA-fqv6-g44j-5jx7

CVSS3: 8.8
github
больше 3 лет назад

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.

EPSS

Процентиль: 62%
0.00435
Низкий

7.7 High

CVSS3