PT-2018-10214 · Foreman · Foreman

Steve D

Publicado

2018-04-04

Atualizado

2023-02-13

CVE-2018-1097

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions foreman versions prior to 1.16.1

Description A flaw was found in the software that allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.

Recommendations For versions prior to 1.16.1, update to version 1.16.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the compute resource to minimize the risk of exploitation.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2018-1097

RHSA-2018:2927

Produtos afetados

Foreman

PT-2018-10214 · Foreman · Foreman

CVE-2018-1097

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7