Information disclosure in Red Hat Satellite - CVE-2017-2672
Published: February 27, 2018 / Updated: March 27, 2018
Vulnerability identifier: #VU10762
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-2672
CWE-ID: CWE-312
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Red Hat Inc.
Affected software:
Red Hat Satellite
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists in Foreman's logging due to improper security restrictions when images are added or registered. A remote attacker with access to the Foreman log file can view the passwords for provisioned systems that are recorded there and use them to access those systems.
How to mitigate CVE-2017-2672
Update to version 6.3.