PT-2018-5105 · Foreman · Foreman-Debug

Pavel Moravec

Publicado

2018-04-16

Atualizado

2019-10-09

CVE-2016-9593

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions foreman-debug versions prior to 1.15.0

Description The issue is related to a flaw in foreman-debug's logging, which allows an attacker with access to the foreman log file to view passwords. This could enable the attacker to access those systems.

Recommendations For versions prior to 1.15.0, update to version 1.15.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the foreman log file to minimize the risk of exploitation.

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-255CWE-522

Identificadores relacionados

CVE-2016-9593

RHSA-2018:0336

Produtos afetados

Foreman-Debug

PT-2018-5105 · Foreman · Foreman-Debug

CVE-2016-9593

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5