oss-sec mailing list archives
CVE-2018-1097 Foreman: oVirt credentials exposed by host power API
From: Tomer Brisker <tbrisker () redhat com>
Date: Tue, 10 Apr 2018 13:40:48 +0300
An information disclosure vulnerability was discovered in the host power API in Foreman. When sending a power action to a host provisioned on an oVirt compute resource, the API responded with details of the compute resource, including credentials in clear text. This issue affect Foreman 1.3 or newer. A fix is included in the 1.16.1 release. Details are available at http://projects.theforeman.org/issues/22546 -- Have a nice day, Tomer Brisker Red Hat Engineering
Current thread:
- CVE-2018-1097 Foreman: oVirt credentials exposed by host power API Tomer Brisker (Apr 10)