Vulnerability Description
A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Theforeman | Foreman | < 1.15 |
| Redhat | Satellite | 6.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97526Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:0336Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2672ExploitIssue TrackingThird Party Advisory
- https://projects.theforeman.org/issues/19169ExploitVendor Advisory
- http://www.securityfocus.com/bid/97526Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:0336Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2672ExploitIssue TrackingThird Party Advisory
- https://projects.theforeman.org/issues/19169ExploitVendor Advisory
FAQ
What is CVE-2017-2672?
CVE-2017-2672 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems...
How severe is CVE-2017-2672?
CVE-2017-2672 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2672?
Check the references section above for vendor advisories and patch information. Affected products include: Theforeman Foreman, Redhat Satellite.