Bug 1327471 (CVE-2016-3693)
| Summary: | CVE-2016-3693 foreman: inspect in a provisioning template exposes sensitive controller information | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abaron, apevec, bcourt, bkearney, cbillett, chrisw, cvsbot-xmlrpc, dallan, gkotton, jjoyce, jmatthew, jschluet, lhh, lpeer, markmc, mburns, mmccune, ohadlevy, rbryant, satellite6-bugs, sclewis, sisharma, srevivo, tdecacqu, tlestach, tsanders |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
A flaw was found in the provisioning template handling in foreman. An attacker, with permissions to create templates, can cause internal Rails information to be displayed when it is processed, resulting in potentially sensitive information being disclosed.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-10-21 00:52:09 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1359457 | ||
| Bug Blocks: | 1327472, 1432305 | ||
|
Description
Andrej Nemec
2016-04-15 08:21:34 UTC
Acknowledgments: Name: Dominic Cleal (Red Hat) This issue has been addressed in the following products: Red Hat Satellite 6.3 for RHEL 7 Via RHSA-2018:0336 https://access.redhat.com/errata/RHSA-2018:0336 |