Information disclosure in Foreman - CVE-2016-4996
Published: February 27, 2018 / Updated: March 26, 2018
Vulnerability identifier: #VU10753
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4996
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Foreman
Affected software:
Foreman
Foreman
Detailed vulnerability description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The weakness exists in the discovery-debug due to improper security restrictions. A local attacker with access to the system journal can obtain the root password by reading the system journal, or by clicking Logs on the console.
The weakness exists in the discovery-debug due to improper security restrictions. A local attacker with access to the system journal can obtain the root password by reading the system journal, or by clicking Logs on the console.
How to mitigate CVE-2016-4996
Install update from vendor's website.