
CVE-2024-3716 Foreman-installer: candlepin database password being leaked to local users via the process list

Published: 2024-06-05 15:05:37
CWE: CWE-200
Source: redhat (www.cve.org)
Tags: foreman-installer, cve-2024-3716, candlepin, database password, local users, process list, puppet-candlepin, cpdb, password parameter, attacker

CVSS3: 6.2

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 20.7%

A flaw was found in foreman-installer: puppet-candlepin invokes cpdb with the database password passed on the command line via the --password parameter. The password is therefore visible in the process list, which allows any local user on the host to read it.

CNA Affected

[
  {
    "packageName": "foreman-installer",
    "collectionURL": "https://github.com/theforeman/foreman-installer",
    "defaultStatus": "affected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "foreman-installer",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:satellite:6"
    ]
  }
]
