CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1097

HIGH
8.8
CVSS Severity Score
EPSS Score0.1550%
EPSS Percentile20.80th
PublishedApr 4, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.

Affected Platforms (CPE)

πŸ“¦
Theforeman

Foreman

< 1.6.1
πŸ“¦
Redhat

Satellite

= 6.4

References & Advisories

πŸ”— https://access.redhat.com/errata/RHSA-2018:2927
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1561723
πŸ”— https://github.com/theforeman/foreman/pull/5369
πŸ”— https://projects.theforeman.org/issues/22546
πŸ”— https://access.redhat.com/errata/RHSA-2018:2927
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1561723
πŸ”— https://github.com/theforeman/foreman/pull/5369
πŸ”— https://projects.theforeman.org/issues/22546

Related Vulnerabilities

CVE-2018-146439.8

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this fl...

CVE-2017-75409.8

rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Rub...

CVE-2017-75058.8

Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who...

CVE-2021-35908.8

A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSO...