Lucene search

Veracode Vulnerability DatabaseVERACODE:18967

HistoryMay 16, 2019 - 2:19 a.m.

Information Disclosure

2019-05-1602:19:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Foreman is vulnerable to information disclosure attacks. This occurs in foreman-debug’s logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.

CPENameOperatorVersion
tfm-rubygem-foreman_discoveryeq5.0.0.9__1.el7sat
tfm-rubygem-foreman_discoveryeq5.0.0.8__1.el7sat
tfm-rubygem-hammer_cli_csveq2.1.0__1.el7sat
tfm-rubygem-hammer_cli_csveq2.2.1.1__1.el7sat
tfm-rubygem-hammer_cli_csveq2.0.0.1__1.el7sat
rubygem-smart_proxy_discovery_imageeq1.0.5__4.el7sat
rubygem-smart_proxy_discovery_imageeq1.0.5__3.el7sat
tfm-rubygem-hammer_clieq0.5.1.13__2.el7sat
tfm-rubygem-hammer_clieq0.5.1.11__4.el7sat
tfm-rubygem-hammer_clieq0.5.1.12__1.el7sat

Name	Operator	Version
tfm-rubygem-foreman_discovery	eq	5.0.0.9__1.el7sat
tfm-rubygem-foreman_discovery	eq	5.0.0.8__1.el7sat
tfm-rubygem-hammer_cli_csv	eq	2.1.0__1.el7sat
tfm-rubygem-hammer_cli_csv	eq	2.2.1.1__1.el7sat
tfm-rubygem-hammer_cli_csv	eq	2.0.0.1__1.el7sat
rubygem-smart_proxy_discovery_image	eq	1.0.5__4.el7sat
rubygem-smart_proxy_discovery_image	eq	1.0.5__3.el7sat
tfm-rubygem-hammer_cli	eq	0.5.1.13__2.el7sat
tfm-rubygem-hammer_cli	eq	0.5.1.11__4.el7sat
tfm-rubygem-hammer_cli	eq	0.5.1.12__1.el7sat

Rows per page:

1-10 of 3421

References

www.securityfocus.com/bid/94985

access.redhat.com/documentation/en-us/red_hat_satellite/6.3/html/release_notes/

access.redhat.com/errata/RHSA-2018:0336

access.redhat.com/security/cve/CVE-2017-15699

access.redhat.com/security/cve/CVE-2017-2295

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1019214

bugzilla.redhat.com/show_bug.cgi?id=1132402

bugzilla.redhat.com/show_bug.cgi?id=1133515

bugzilla.redhat.com/show_bug.cgi?id=1140671

bugzilla.redhat.com/show_bug.cgi?id=1144042

bugzilla.redhat.com/show_bug.cgi?id=1145653

bugzilla.redhat.com/show_bug.cgi?id=1154382

bugzilla.redhat.com/show_bug.cgi?id=1177766

bugzilla.redhat.com/show_bug.cgi?id=1187338

bugzilla.redhat.com/show_bug.cgi?id=1190002

bugzilla.redhat.com/show_bug.cgi?id=1199204

bugzilla.redhat.com/show_bug.cgi?id=1210878

bugzilla.redhat.com/show_bug.cgi?id=1215825

bugzilla.redhat.com/show_bug.cgi?id=1217523

bugzilla.redhat.com/show_bug.cgi?id=1245642

bugzilla.redhat.com/show_bug.cgi?id=1255484

bugzilla.redhat.com/show_bug.cgi?id=1257588

bugzilla.redhat.com/show_bug.cgi?id=1260697

bugzilla.redhat.com/show_bug.cgi?id=1263748

bugzilla.redhat.com/show_bug.cgi?id=1264043

bugzilla.redhat.com/show_bug.cgi?id=1264732

bugzilla.redhat.com/show_bug.cgi?id=1265125

bugzilla.redhat.com/show_bug.cgi?id=1270771

bugzilla.redhat.com/show_bug.cgi?id=1274159

bugzilla.redhat.com/show_bug.cgi?id=1278642

bugzilla.redhat.com/show_bug.cgi?id=1278644

bugzilla.redhat.com/show_bug.cgi?id=1284686

bugzilla.redhat.com/show_bug.cgi?id=1291935

bugzilla.redhat.com/show_bug.cgi?id=1292510

bugzilla.redhat.com/show_bug.cgi?id=1293538

bugzilla.redhat.com/show_bug.cgi?id=1303103

bugzilla.redhat.com/show_bug.cgi?id=1304608

bugzilla.redhat.com/show_bug.cgi?id=1305059

bugzilla.redhat.com/show_bug.cgi?id=1306723

bugzilla.redhat.com/show_bug.cgi?id=1309569

bugzilla.redhat.com/show_bug.cgi?id=1309944

bugzilla.redhat.com/show_bug.cgi?id=1313634

bugzilla.redhat.com/show_bug.cgi?id=1317614

bugzilla.redhat.com/show_bug.cgi?id=1318534

bugzilla.redhat.com/show_bug.cgi?id=1323436

bugzilla.redhat.com/show_bug.cgi?id=1324508

bugzilla.redhat.com/show_bug.cgi?id=1327030

bugzilla.redhat.com/show_bug.cgi?id=1328238

bugzilla.redhat.com/show_bug.cgi?id=1336924

bugzilla.redhat.com/show_bug.cgi?id=1339715

bugzilla.redhat.com/show_bug.cgi?id=1340559

bugzilla.redhat.com/show_bug.cgi?id=1342623

bugzilla.redhat.com/show_bug.cgi?id=1344049

bugzilla.redhat.com/show_bug.cgi?id=1361473

bugzilla.redhat.com/show_bug.cgi?id=1366029

bugzilla.redhat.com/show_bug.cgi?id=1370168

bugzilla.redhat.com/show_bug.cgi?id=1376134

bugzilla.redhat.com/show_bug.cgi?id=1376191

bugzilla.redhat.com/show_bug.cgi?id=1382356

bugzilla.redhat.com/show_bug.cgi?id=1382735

bugzilla.redhat.com/show_bug.cgi?id=1384146

bugzilla.redhat.com/show_bug.cgi?id=1384548

bugzilla.redhat.com/show_bug.cgi?id=1386266

bugzilla.redhat.com/show_bug.cgi?id=1386278

bugzilla.redhat.com/show_bug.cgi?id=1390545

bugzilla.redhat.com/show_bug.cgi?id=1391831

bugzilla.redhat.com/show_bug.cgi?id=1393409

bugzilla.redhat.com/show_bug.cgi?id=1394056

bugzilla.redhat.com/show_bug.cgi?id=1402922

bugzilla.redhat.com/show_bug.cgi?id=1410872

bugzilla.redhat.com/show_bug.cgi?id=1412186

bugzilla.redhat.com/show_bug.cgi?id=1413851

bugzilla.redhat.com/show_bug.cgi?id=1416119

bugzilla.redhat.com/show_bug.cgi?id=1417073

bugzilla.redhat.com/show_bug.cgi?id=1420711

bugzilla.redhat.com/show_bug.cgi?id=1422458

bugzilla.redhat.com/show_bug.cgi?id=1425121

bugzilla.redhat.com/show_bug.cgi?id=1425523

bugzilla.redhat.com/show_bug.cgi?id=1426404

bugzilla.redhat.com/show_bug.cgi?id=1426411

bugzilla.redhat.com/show_bug.cgi?id=1426448

bugzilla.redhat.com/show_bug.cgi?id=1428761

bugzilla.redhat.com/show_bug.cgi?id=1429426

bugzilla.redhat.com/show_bug.cgi?id=1434069

bugzilla.redhat.com/show_bug.cgi?id=1435972

bugzilla.redhat.com/show_bug.cgi?id=1438376

bugzilla.redhat.com/show_bug.cgi?id=1439850

bugzilla.redhat.com/show_bug.cgi?id=1445807

bugzilla.redhat.com/show_bug.cgi?id=1446707

bugzilla.redhat.com/show_bug.cgi?id=1446719

bugzilla.redhat.com/show_bug.cgi?id=1452124

bugzilla.redhat.com/show_bug.cgi?id=1455057

bugzilla.redhat.com/show_bug.cgi?id=1455455

bugzilla.redhat.com/show_bug.cgi?id=1458817

bugzilla.redhat.com/show_bug.cgi?id=1464224

bugzilla.redhat.com/show_bug.cgi?id=1468248

bugzilla.redhat.com/show_bug.cgi?id=1480346

bugzilla.redhat.com/show_bug.cgi?id=1480348

bugzilla.redhat.com/show_bug.cgi?id=1493001

bugzilla.redhat.com/show_bug.cgi?id=1493494

bugzilla.redhat.com/show_bug.cgi?id=1517827

bugzilla.redhat.com/show_bug.cgi?id=1529099

bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9593

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Related for VERACODE:18967