In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by Foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2019-04-09T15:17:14

Updated: 2024-08-04T19:19:18.608Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3893

NVD

Status: Modified

Published: 2019-04-09T16:29:02.037

Modified: 2024-11-21T04:42:48.757

Link: CVE-2019-3893

Red Hat

Severity: Moderate

Public Date: 2019-04-09T03:01:00Z

Links: CVE-2019-3893 - Bugzilla