PT-2019-16758 · Foreman+1 · Foreman+1

Tomer Brisker · Published 2019-04-09 · Updated 2022-12-01 · CVE-2019-3893

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Foreman versions prior to 1.20.3
Foreman versions prior to 1.21.1
Foreman versions prior to 1.22.0

Description

The delete compute resource operation in Foreman, when executed from the Foreman API, can lead to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the delete compute resource permission can exploit this flaw to take control over compute resources managed by Foreman.

Recommendations

For versions prior to 1.20.3, update to version 1.20.3 or later.
For versions prior to 1.21.1, update to version 1.21.1 or later.
For versions prior to 1.22.0, update to version 1.22.0 or later.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2801
ALT-PU-2020-2200
CVE-2019-3893
RHSA-2019:3172

Affected Products

Alt Linux
Foreman