A flaw was found in Foreman's logging when adding or registering images. An attacker with access to the Foreman log file could view passwords for provisioned systems there, allowing them to access those systems.
Find out more about CVE-2017-2672 from the MITRE CVE dictionary and NIST NVD.

CVSS3 Base Score | 6.5 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | None |
Availability Impact | None |

Platform | Errata | Release Date |
---|---|---|
Red Hat Satellite 6.3 (foreman) | RHSA-2018:0336 | 2018-02-21 |
Red Hat Satellite Capsule 6.3 (foreman) | RHSA-2018:0336 | 2018-02-21 |

Platform | Package | State |
---|---|---|
Red Hat Satellite 6 | foreman | Will not fix |
Red Hat Ceph Storage 1.3 | foreman | Will not fix |
OpenStack 6 Installer for RHEL 7 | foreman | Will not fix |