Foreman · Foreman · CVE-2017-2672
Name of the Vulnerable Software and Affected Versions:
Foreman versions prior to 1.15
Description:
A flaw in the logging of adding and registering images allows an attacker with access to the log file to view passwords for provisioned systems, potentially granting them access to those systems.
Recommendations:
For versions prior to 1.15, update to version 1.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the log file to minimize the risk of exploitation.