| Vulnerability Name: | CVE-2017-2672 (CCN-145191) |
| Assigned: | 2016-12-01 |
| Published: | 2018-06-21 |
| Updated: | 2019-10-09 |
| Summary: | A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems. |
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) |
| | 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C) |
| | 6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N) |
| Vulnerability Type: | CWE-269 |
| Vulnerability Consequences: | Obtain Information |
| References: | Source: MITRE Type: CNA CVE-2017-2672 |
| | Source: BID Type: Third Party Advisory, VDB Entry 97526 |
| | Source: CCN Type: BID-97526 Foreman CVE-2017-2672 Information Disclosure Vulnerability |
| | Source: REDHAT Type: Third Party Advisory RHSA-2018:0336 |
| | Source: CCN Type: Red Hat Bugzilla Bug 1439537 (CVE-2017-2672) CVE-2017-2672 foreman: Image password leak |
| | Source: CONFIRM Type: Exploit, Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2672 |
| | Source: XF Type: UNKNOWN foreman-cve20172672-info-disc(145191) |
| | Source: CCN Type: foreman GIT Repository Fixes #19169 - remove image password from audit #4438 |
| | Source: CONFIRM Type: Exploit, Vendor Advisory https://projects.theforeman.org/issues/19169 |
| | Source: CCN Type: WhiteSource Vulnerability Database CVE-2017-2672 |
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable |