CVE-2018-1097: Infoleak
First published: Wed Mar 28 2018(Updated: )
A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Theforeman Foreman | <1.6.1 | |
| Redhat Satellite | =6.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this flaw?
The vulnerability ID for this flaw is CVE-2018-1097.
What is the severity level of CVE-2018-1097?
The severity level of CVE-2018-1097 is high (8.8).
What is the affected software for CVE-2018-1097?
The affected software for CVE-2018-1097 includes Theforeman Foreman versions up to and exclusive of 1.6.1 and Redhat Satellite version 6.4.
What is the impact of CVE-2018-1097?
CVE-2018-1097 allows users with limited permissions to discover the username and password used to connect to the compute resource in foreman before 1.16.1.
How can I fix CVE-2018-1097?
To fix CVE-2018-1097, you should update Theforeman Foreman to version 1.16.1 or later and Redhat Satellite to version 6.4 or later.
- collector/nvd-index
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-1097
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/theforeman
- canonical/theforeman foreman
- vendor/redhat
- canonical/redhat satellite
- version/redhat satellite/6.4