PT-2018-5105 · Foreman · Foreman-Debug

Pavel Moravec

Published

2018-04-16

Updated

2019-10-09

CVE-2016-9593

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions foreman-debug versions prior to 1.15.0

Description The issue is related to a flaw in foreman-debug's logging, which allows an attacker with access to the foreman log file to view passwords. This could enable the attacker to access those systems.

Recommendations For versions prior to 1.15.0, update to version 1.15.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the foreman log file to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255CWE-522

Related Identifiers

CVE-2016-9593

RHSA-2018:0336

Affected Products

Foreman-Debug

PT-2018-5105 · Foreman · Foreman-Debug

CVE-2016-9593

Weakness Enumeration

Related Identifiers

Affected Products

References · 5