CVE-2017-2672
Published: 2018-06-21
Priority P3 · 47 · high · 8.8 CVSS 3.0
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.22% (64.9th percentile)
A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | satellite | — | — |
| theforeman | foreman | < 1.15 | 1.15 |
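CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vendor_redhat | — | 6.5 | MEDIUM | — |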
GHSA
GHSA-82j5-w3wh-5hfm: A flaw was found in foreman before version 1
ghsa_unreviewed·2022-05-13
CVE-2017-2672 [HIGH] CWE-269 GHSA-82j5-w3wh-5hfm: A flaw was found in foreman before version 1
A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems.
Red Hat
foreman: Image password leak
vendor_redhat·2017-04-04·CVSS 6.5
CVE-2017-2672 [MEDIUM] CWE-312 foreman: Image password leak
A flaw was found in foreman's logging during the adding or registering of images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems.
Package: foreman (Red Hat Ceph Storage 1.3) - Will not fix
Package: foreman (Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer) - Will not fix
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/97526
https://access.redhat.com/errata/RHSA-2018:0336
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2672
https://projects.theforeman.org/issues/19169
Published: 2018-06-21