Bug 1696400 (CVE-2019-3893) - CVE-2019-3893 foreman: Recover of plaintext password or token for the compute resources
Summary: CVE-2019-3893 foreman: Recover of plaintext password or token for the compute...
Status: NEW
Alias: CVE-2019-3893
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20190409:0301,...
Keywords: Security
Depends On: 1697680
Blocks: 1693171
Reported: 2019-04-04 18:51 UTC by Pedro Sampaio
Modified: 2019-06-21 21:33 UTC (History)

It was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by Foreman.
Clone Of:
Last Closed:



Description Pedro Sampaio 2019-04-04 18:51:45 UTC
A flaw was found in Foreman. The issue allows an identified user with the "delete compute resource" permission to recover the plaintext password or token for the compute resource.

Upstream issue:

https://projects.theforeman.org/issues/26450

Upstream patch:

https://github.com/theforeman/foreman/pull/6621

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1692644

Comment 1 Pedro Sampaio 2019-04-04 18:51:48 UTC
Acknowledgments:

Name: Vatsal Parekh (Red Hat)

Comment 5 Richard Maciel Costa 2019-04-09 02:43:04 UTC
Mitigation:

Do not grant the "destroy_compute_resource" permission to users that should not know the password.

