CVE-2016-9593

CWE-522 — Insufficiently Protected Credentials CWE-2555 documents5 sources

Severity

8.8HIGH

EPSS

0.2%

top 55.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Theforeman Foreman Unspecified Foreman-debug Redhat Satellite

Timeline

PublishedApr 16

Latest updateMay 13

Description

foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5unspecified/foreman-debugforeman-debug 1.15.0

▶NVDtheforeman/foreman< 1.15.0

▶NVDredhat/satellite6.0

🔴Vulnerability Details

GHSA

GHSA-c5rm-gfhx-cpwq: foreman-debug before version 1↗2022-05-13

▶

CVEList

CVE-2016-9593: foreman-debug before version 1↗2018-04-16

▶

📋Vendor Advisories

Red Hat

foreman-debug: missing obfuscation of sensitive information↗2016-12-20

▶

💬Community

Bugzilla

CVE-2016-9593 foreman-debug: missing obfuscation of sensitive information↗2016-12-20

▶