oss-sec mailing list archives

CVE-2018-1097 Foreman: oVirt credentials exposed by host power API


From: Tomer Brisker <tbrisker () redhat com>
Date: Tue, 10 Apr 2018 13:40:48 +0300

An information disclosure vulnerability was discovered in the host power
API in Foreman.
When sending a power action to a host provisioned on an oVirt compute
resource, the API responded with details of the compute resource, including
credentials in clear text.

This issue affects Foreman 1.3 or newer.
A fix is included in the 1.16.1 release.
Details are available at http://projects.theforeman.org/issues/22546

-- 
Have a nice day,
Tomer Brisker
Red Hat Engineering
