Vulnerability Description
foreman-debug before version 1.15.0 has a flaw in its logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Theforeman | Foreman | < 1.15.0 |
| Redhat | Satellite | 6.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/94985 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2018:0336 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9593 (Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2016-9593?
CVE-2016-9593 is a vulnerability with a CVSS score of 4.7 (MEDIUM). foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those s...
How severe is CVE-2016-9593?
CVE-2016-9593 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-9593?
Check the references section above for vendor advisories and patch information. Affected products include: Theforeman Foreman, Redhat Satellite.