CVE-2018-1097

CWE-200 — Information Exposure5 documents5 sources

Severity

8.8HIGH

EPSS

0.4%

top 41.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Theforeman Foreman Foreman Project Foreman Redhat Satellite

Timeline

PublishedApr 4

Latest updateMay 13

Description

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDtheforeman/foreman< 1.6.1

▶CVEListV5foreman_project/foremanbefore 1.16.1

▶NVDredhat/satellite6.4

🔴Vulnerability Details

GHSA

GHSA-fqv6-g44j-5jx7: A flaw was found in foreman before 1↗2022-05-13

▶

CVEList

CVE-2018-1097: A flaw was found in foreman before 1↗2018-04-04

▶

📋Vendor Advisories

Red Hat

foreman: Ovirt admin password exposed by foreman API↗2018-02-10

▶

💬Community

Bugzilla

CVE-2018-1097 foreman: Ovirt admin password exposed by foreman API↗2018-03-28

▶