Bug 1406384 (CVE-2016-9593)
Summary: | CVE-2016-9593 foreman-debug: missing obfuscation of sensitive information | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | bkearney, cbillett, jmatthew, lzap, mmccune, ohadlevy, tlestach, tsanders |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://projects.theforeman.org/issues/17005 | ||
Whiteboard: | |||
Fixed In Version: | foreman-debug 1.15.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-21 11:48:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1247120, 1370168, 1414112, 1414113 | ||
Bug Blocks: | 1432305 |
Description
Martin Prpič
2016-12-20 12:32:07 UTC
Acknowledgments: Name: Pavel Moravec (Red Hat) Please associate this CVE with this BZ which is already tracking more things our filters do not catch: https://bugzilla.redhat.com/show_bug.cgi?id=1370168 The linked one will be either closed as dupe or changed to installer (different problem). Thanks This will be fixed in Foreman 1.15 and Satellite 6.3. This issue has been addressed in the following products: Red Hat Satellite 6.3 for RHEL 7 Via RHSA-2018:0336 https://access.redhat.com/errata/RHSA-2018:0336 |