It was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by Foreman.
A flaw was found in Foreman. The issue allows an identified user with the "delete compute resource" permission to recover the plaintext password or token for the compute resource.
Name: Vatsal Parekh (Red Hat)
Do not grant the "destroy_compute_resource" permission to users that should not know the password.
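An added example (not Foreman's code and not part of the original advisory) for auditing the mitigation above: it resolves which users effectively hold the permission through direct roles and user groups. The role, group and user data is constructed, treating admin accounts as holding every permission is an assumption, and the pattern accepts both spellings used on this page plus a plural form.

```ruby
# Added example: all data below is constructed, not a Foreman export.
require "set"

# Permission names as spelled on this page; the optional trailing "s"
# tolerates a plural form (assumption: confirm the name in your installation).
RISKY = /\A(?:delete|destroy)_compute_resources?\z/

ROLES = {
  "Viewer"          => %w[view_compute_resources view_hosts],
  "Compute cleanup" => %w[view_compute_resources destroy_compute_resource],
  "Host operator"   => %w[view_hosts edit_hosts],
}.freeze

GROUPS = {
  "ops" => { roles: ["Compute cleanup"], members: %w[bob carol] },
  "dev" => { roles: ["Host operator"],   members: %w[dave] },
}.freeze

USERS = {
  "alice" => { admin: true,  roles: [] },
  "bob"   => { admin: false, roles: ["Viewer"] },
  "carol" => { admin: false, roles: [] },
  "dave"  => { admin: false, roles: ["Viewer"] },
  "erin"  => { admin: false, roles: ["Compute cleanup"] },
}.freeze

# Names of roles that carry the risky permission.
def risky_roles(roles)
  roles.select { |_, perms| perms.any? { |p| p.match?(RISKY) } }.keys.to_set
end

# Map each exposed user to the reasons (admin flag, direct role, group role).
def exposed_users(users, groups, roles)
  risky = risky_roles(roles)
  users.each_with_object({}) do |(name, user), out|
    reasons = []
    reasons << "admin" if user[:admin] # assumption: admins hold every permission
    user[:roles].each { |r| reasons << "role:#{r}" if risky.include?(r) }
    groups.each do |gname, g|
      next unless g[:members].include?(name)
      g[:roles].each { |r| reasons << "group:#{gname}/#{r}" if risky.include?(r) }
    end
    out[name] = reasons unless reasons.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  exposed_users(USERS, GROUPS, ROLES).each { |u, why| puts "#{u}: #{why.join(', ')}" }
end
```

Every account the audit reports should be one that is allowed to know the compute resource password or token.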