CVE-2024-3716 — Sensitive Information Exposure in Redhat Satellite

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

6.2MEDIUMNVD

EPSS

0.0%

top 85.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Satellite

Timeline

PublishedJun 5

Description

A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages1 packages

▶NVDredhat/satellite6.0

🔴Vulnerability Details

GHSA

GHSA-vg42-hcc7-h8cf: A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter↗2024-06-05

▶

CVEList

Foreman-installer: candlepin database password being leaked to local users via the process list↗2024-06-05

▶

📋Vendor Advisories

Red Hat

foreman-installer: Candlepin database password being leaked to local users via the process list↗2024-06-05

▶