CVE-2017-2672
First published: Thu Apr 06 2017(Updated: )
A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/foreman | <1.15 | 1.15 |
| The Foreman | <1.15 | |
| Red Hat Satellite | =6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-2672?
CVE-2017-2672 is considered to be of medium severity due to the potential exposure of sensitive information in log files.
How do I fix CVE-2017-2672?
To fix CVE-2017-2672, upgrade to Foreman version 1.15 or later.
What systems are affected by CVE-2017-2672?
CVE-2017-2672 affects Foreman versions prior to 1.15 and Red Hat Satellite 6.3.
What kind of information is leaked in CVE-2017-2672?
CVE-2017-2672 can lead to the exposure of passwords for provisioned systems in the Foreman log files.
Who can exploit CVE-2017-2672?
An attacker with access to the Foreman log files can exploit CVE-2017-2672 to view sensitive information.
- agent/type
- agent/weakness
- agent/first-publish-date
- agent/references
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-2672
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/theforeman
- canonical/the foreman
- vendor/redhat
- canonical/red hat satellite
- version/red hat satellite/6.3