
James Laska

Researcher from Red Hat
#21134 of 53,632
11.8 Total CVSS
Vulnerabilities · 2
Low: 1
High: 1
PT-2013-4884
8.5
2013-08-23
Red Hat · Red Hat Cloudforms Management Engine · CVE-2013-4172
**Name of the Vulnerable Software and Affected Versions** Red Hat CloudForms Management Engine version 5.1

**Description** The issue allows remote administrators to execute arbitrary Ruby code.

**Recommendations** For Red Hat CloudForms Management Engine version 5.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2013-1608
3.3
2013-01-04
Red Hat · Pulp · CVE-2012-3538
**Name of the Vulnerable Software and Affected Versions** Red Hat CloudForms versions prior to 1.1

**Description** The issue allows local users to read administrative passwords by accessing a world-readable log file. This occurs because Pulp logs administrative passwords in the production.log file, which has world-readable permissions.

**Recommendations** For versions prior to 1.1, consider restricting access to the production.log file to minimize the risk of exploitation. As a temporary workaround, change the permissions of the production.log file to prevent unauthorized access until a fix is applied.