CVE-2019-3893

Sažetak

In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.

Reference

https://projects.theforeman.org/issues/26450
https://github.com/theforeman/foreman/pull/6621
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3893
http://www.securityfocus.com/bid/107846
http://www.openwall.com/lists/oss-security/2019/04/14/2

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

30-11-2022 - 22:00

Objavljeno

09-04-2019 - 16:29