Lucene search

[email protected]NVD:CVE-2024-3716

HistoryJun 05, 2024 - 3:15 p.m.

CVE-2024-3716

2024-06-0515:15:12

CWE-200

[email protected]

web.nvd.nist.gov

foreman-installer

puppet-candlepin

password leakage

process list

attacker

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

20.7%

JSON

A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password.

Affected configurations

Nvd

Node

redhatsatelliteMatch6.0

VendorProductVersionCPE
redhatsatellite6.0cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	satellite	6.0	cpe:2.3:a:redhat:satellite:6.0:::::::*

References

access.redhat.com/security/cve/CVE-2024-3716

bugzilla.redhat.com/show_bug.cgi?id=2274755

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

20.7%

JSON

Related for NVD:CVE-2024-3716

redhatcve1 cve1 vulnrichment1 cvelist1