A flaw was found in foreman. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource. Upstream bug: https://projects.theforeman.org/issues/22546 Upstream pull request: https://github.com/theforeman/foreman/pull/5369
Statement: This issue affects the versions of foreman as shipped with Red Hat Enterprise Satellite 6. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue has been addressed in the following products: Red Hat Satellite 6.4 for RHEL 7 Via RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927