CVE-2019-3893

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-3893
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3893.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3893
Related
Published
2019-04-09T16:29:02Z
Modified
2024-09-03T02:53:24.352415Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "deletecomputeresource" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.

References

Affected packages

Git / github.com/theforeman/foreman

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman
Events
Type
GIT
Repo
https://github.com/theforeman/foreman-installer
Events
Type
GIT
Repo
https://github.com/theforeman/smart-proxy
Events

Affected versions

1.*

1.20.0
1.20.1
1.20.2