Foreman-installer: candlepin database password being leaked to local users via the process list
CVE-2024-3716
6.2MEDIUM
Summary
A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password.
CVSS V3.1
Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: null to: 6.2 - (MEDIUM)
Vulnerability published.
Reported to Red Hat.
Collectors
NVD DatabaseMitre Database