Foreman < 1.20.3 and 1.21.0 Information Disclosure Vulnerability CVE-2019-3893

Severity
CVSSv3 Score: 4.9
Vulnerability description

Foreman is prone to an authenticated information disclosure vulnerability.

Risk description

It was discovered that the delete compute resource operation, when executed from the Foreman API, discloses the plaintext password or token of the affected compute resource. A malicious user with the delete_compute_resource permission can use this flaw to take control of compute resources managed by Foreman.

Recommendation

Update to version 1.20.3, 1.21.1 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Apr 9, 2019
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available