CVE-2017-2672
CVE-2017-2672 is a vulnerability of currently unknown severity. A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems. EPSS estimates a 1.22% chance of exploitation in the next 30 days.
Description
A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Theforeman | Foreman | < 1.15 |
| Redhat | Satellite | 6.3 |
References
- http://www.securityfocus.com/bid/97526 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2018:0336 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2672 (Exploit, Issue Tracking, Third Party Advisory)
- https://projects.theforeman.org/issues/19169 (Exploit, Vendor Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
