A flaw was found in foreman. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.
Upstream pull request:
This issue affects the versions of foreman as shipped with Red Hat Enterprise Satellite 6. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue has been addressed in the following products:
Red Hat Satellite 6.4 for RHEL 7
Via RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927