CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-1097

HIGH
8.8
CVSS Severity Score
EPSS Score0.1550%
EPSS Percentile20.80th
Published2018年4月4日
Last Modified2024年11月21日

Vulnerability Description

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.

Affected Platforms (CPE)

📦
Theforeman

Foreman

< 1.6.1
📦
Redhat

Satellite

= 6.4

References & Advisories

🔗 https://access.redhat.com/errata/RHSA-2018:2927
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1561723
🔗 https://github.com/theforeman/foreman/pull/5369
🔗 https://projects.theforeman.org/issues/22546
🔗 https://access.redhat.com/errata/RHSA-2018:2927
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1561723
🔗 https://github.com/theforeman/foreman/pull/5369
🔗 https://projects.theforeman.org/issues/22546

相關漏洞威脅

CVE-2018-146439.8

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this fl...

CVE-2017-75409.8

rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Rub...

CVE-2017-75058.8

Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who...

CVE-2021-35908.8

A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSO...