CVE-2016-4996Log File Information Exposure in Redhat Satellite

CWE-255CWE-532Log File Information Exposure5 documents5 sources
Severity
7.0HIGHNVD
EPSS
0.0%
top 88.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Satellite
Timeline
PublishedJul 17
Latest updateMay 14

Description

discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-jwrm-9f5g-qmp3: discovery-debug in Foreman before 62022-05-14
CVEList
CVE-2016-4996: discovery-debug in Foreman before 62017-07-14

📋Vendor Advisories

1
Red Hat
foreman: inside discovery-debug, the root password is displayed in plaintext2016-06-22

💬Community

1
Bugzilla
CVE-2016-4996 foreman: inside discovery-debug, the root password is displayed in plaintext2016-06-22
CVE-2016-4996 — Log File Information Exposure in Redhat | cvebase