#VU10753 Information disclosure in Foreman - CVE-2016-4996
Published: February 27, 2018 / Updated: March 26, 2018
Vulnerability identifier: #VU10753
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4996
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Foreman
Foreman
Software vendor:
Foreman
Foreman
Description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The weakness exists in the discovery-debug due to improper security restrictions. A local attacker with access to the system journal can obtain the root password by reading the system journal, or by clicking Logs on the console.
The weakness exists in the discovery-debug due to improper security restrictions. A local attacker with access to the system journal can obtain the root password by reading the system journal, or by clicking Logs on the console.
Remediation
Install update from vendor's website.