CVE-2019-3893

Source
https://cve.org/CVERecord?id=CVE-2019-3893
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3893.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3893
Published
2019-04-09T16:29:02.037Z
Modified
2026-03-10T22:46:17.905886Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by Foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.

Affected packages

Git / github.com/theforeman/smart-proxy

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/smart-proxy
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.20.0"
        },
        {
            "fixed": "1.20.3"
        },
        {
            "introduced": "1.21.0"
        },
        {
            "fixed": "1.21.1"
        }
    ]
}

Affected versions

1.*
1.20.0
1.20.1
1.20.2
1.21.0

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3893.json"