Unauthorized Credential Disclosure in Foreman by The Foreman Project
CVE-2018-1097

8.8HIGH

Key Information:

Vendor

Foreman Project

Status
Foreman
Vendor
CVE Published:
4 April 2018

What is CVE-2018-1097?

A security flaw in Foreman versions before 1.16.1 has been identified, which allows users with limited permission to power oVirt/RHV hosts on and off to inadvertently expose sensitive credentials. This vulnerability enables unauthorized access to the usernames and passwords used to connect to the compute resources, increasing the risk of further exploitation if left unpatched.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

foreman before 1.16.1

References

https://github.com/theforeman/foreman/pull/5369
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1561723
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2927
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.