Vulnerabilities > CVE-2016-9593 - Credentials Management vulnerability in multiple products

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
theforeman
redhat
CWE-255
nessus

Summary

foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.

Vulnerable Configurations

Part Description Count
Application
Theforeman
136
Application
Redhat
1

Common Weakness Enumeration (CWE)

Nessus

NASL familyRed Hat Local Security Checks
NASL idREDHAT-RHSA-2018-0336.NASL
descriptionAn update is now available for Red Hat Satellite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. This update provides Satellite 6.3 packages for Red Hat Enterprise Linux 7 Satellite server. For the full list of new features provided by Satellite 6.3, see the Release Notes linked to in the references section. See the Satellite 6 Installation Guide for detailed instructions on how to install a new Satellite 6.3 environment, or the Satellite 6 Upgrading and Updating guide for detailed instructions on how to upgrade from prior versions of Satellite 6. All users who require Satellite version 6.3 are advised to install these new packages. Security Fix(es) : * V8: integer overflow leading to buffer overflow in Zone::New (CVE-2016-1669) * rubygem-will_paginate: XSS vulnerabilities (CVE-2013-6459) * foreman: models with a
last seen2020-06-01
modified2020-06-02
plugin id107053
published2018-02-28
reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/107053
titleRHEL 7 : Satellite Server (RHSA-2018:0336)

Redhat

advisories
rhsa
idRHSA-2018:0336
rpms
  • candlepin-0:2.1.14-1.el7
  • candlepin-selinux-0:2.1.14-1.el7
  • foreman-0:1.15.6.34-1.el7sat
  • foreman-bootloaders-redhat-0:201801241201-2.el7sat
  • foreman-bootloaders-redhat-tftpboot-0:201801241201-2.el7sat
  • foreman-cli-0:1.15.6.34-1.el7sat
  • foreman-compute-0:1.15.6.34-1.el7sat
  • foreman-debug-0:1.15.6.34-1.el7sat
  • foreman-discovery-image-1:3.4.4-1.el7sat
  • foreman-ec2-0:1.15.6.34-1.el7sat
  • foreman-gce-0:1.15.6.34-1.el7sat
  • foreman-installer-1:1.15.6.8-1.el7sat
  • foreman-installer-katello-0:3.4.5.26-1.el7sat
  • foreman-libvirt-0:1.15.6.34-1.el7sat
  • foreman-openstack-0:1.15.6.34-1.el7sat
  • foreman-ovirt-0:1.15.6.34-1.el7sat
  • foreman-postgresql-0:1.15.6.34-1.el7sat
  • foreman-proxy-0:1.15.6.4-1.el7sat
  • foreman-proxy-content-0:3.4.5-15.el7sat
  • foreman-rackspace-0:1.15.6.34-1.el7sat
  • foreman-selinux-0:1.15.6.2-1.el7sat
  • foreman-vmware-0:1.15.6.34-1.el7sat
  • hiera-0:1.3.1-2.el7sat
  • katello-0:3.4.5-15.el7sat
  • katello-certs-tools-0:2.4.0-1.el7sat
  • katello-client-bootstrap-0:1.5.1-1.el7sat
  • katello-common-0:3.4.5-15.el7sat
  • katello-debug-0:3.4.5-15.el7sat
  • katello-installer-base-0:3.4.5.26-1.el7sat
  • katello-selinux-0:3.0.2-1.el7sat
  • katello-service-0:3.4.5-15.el7sat
  • kobo-0:0.5.1-1.el7sat
  • pulp-admin-client-0:2.13.4.6-1.el7sat
  • pulp-docker-admin-extensions-0:2.4.1-2.el7sat
  • pulp-docker-plugins-0:2.4.1-2.el7sat
  • pulp-katello-0:1.0.2-1.el7sat
  • pulp-nodes-child-0:2.13.4.6-1.el7sat
  • pulp-nodes-common-0:2.13.4.6-1.el7sat
  • pulp-nodes-parent-0:2.13.4.6-1.el7sat
  • pulp-ostree-admin-extensions-0:1.2.1.1-1.el7sat
  • pulp-ostree-plugins-0:1.2.1.1-1.el7sat
  • pulp-puppet-admin-extensions-0:2.13.4-3.el7sat
  • pulp-puppet-plugins-0:2.13.4-3.el7sat
  • pulp-puppet-tools-0:2.13.4-3.el7sat
  • pulp-rpm-admin-extensions-0:2.13.4.8-1.el7sat
  • pulp-rpm-plugins-0:2.13.4.8-1.el7sat
  • pulp-selinux-0:2.13.4.6-1.el7sat
  • pulp-server-0:2.13.4.6-1.el7sat
  • puppet-foreman_scap_client-0:0.3.16-1.el7sat
  • python-pulp-agent-lib-0:2.13.4.6-1.el7sat
  • python-pulp-bindings-0:2.13.4.6-1.el7sat
  • python-pulp-client-lib-0:2.13.4.6-1.el7sat
  • python-pulp-common-0:2.13.4.6-1.el7sat
  • python-pulp-docker-common-0:2.4.1-2.el7sat
  • python-pulp-oid_validation-0:2.13.4.6-1.el7sat
  • python-pulp-ostree-common-0:1.2.1.1-1.el7sat
  • python-pulp-puppet-common-0:2.13.4-3.el7sat
  • python-pulp-repoauth-0:2.13.4.6-1.el7sat
  • python-pulp-rpm-common-0:2.13.4.8-1.el7sat
  • python-pulp-streamer-0:2.13.4.6-1.el7sat
  • python-zope-interface-0:4.0.5-4.el7
  • python-zope-interface-debuginfo-0:4.0.5-4.el7
  • redhat-access-insights-puppet-0:0.0.9-2.el7sat
  • rubygem-foreman_scap_client-0:0.3.0-2.el7sat
  • rubygem-kafo-0:2.0.2-1.el7sat
  • rubygem-kafo_parsers-0:0.1.6-1.el7sat
  • rubygem-kafo_wizards-0:0.0.1-2.el7sat
  • rubygem-smart_proxy_dhcp_remote_isc-0:0.0.2.1-1.fm1_15.el7sat
  • rubygem-smart_proxy_discovery-0:1.0.4-3.el7sat
  • rubygem-smart_proxy_discovery_image-0:1.0.9-1.el7sat
  • rubygem-smart_proxy_dynflow-0:0.1.10-1.el7sat
  • rubygem-smart_proxy_openscap-0:0.6.9-1.el7sat
  • rubygem-smart_proxy_pulp-0:1.3.0-1.git.0.b5c2768.el7sat
  • rubygem-smart_proxy_remote_execution_ssh-0:0.1.6-1.el7sat
  • rubygem-tilt-0:1.3.7-2.git.0.3b416c9.el7sat
  • satellite-0:6.3.0-23.0.el7sat
  • satellite-capsule-0:6.3.0-23.0.el7sat
  • satellite-cli-0:6.3.0-23.0.el7sat
  • satellite-common-0:6.3.0-23.0.el7sat
  • satellite-debug-tools-0:6.3.0-23.0.el7sat
  • satellite-installer-0:6.3.0.12-1.el7sat
  • tfm-rubygem-bastion-0:5.1.1.4-1.fm1_15.el7sat
  • tfm-rubygem-foreman-redhat_access-0:2.0.13-1.el7sat
  • tfm-rubygem-foreman-tasks-0:0.9.6.4-1.fm1_15.el7sat
  • tfm-rubygem-foreman-tasks-core-0:0.1.8-1.fm1_15.el7sat
  • tfm-rubygem-foreman_bootdisk-0:10.0.2.2-1.fm1_15.el7sat
  • tfm-rubygem-foreman_discovery-0:9.1.5.3-1.fm1_15.el7sat
  • tfm-rubygem-foreman_docker-0:3.1.0.3-1.fm1_15.el7sat
  • tfm-rubygem-foreman_hooks-0:0.3.14-1.fm1_15.el7sat
  • tfm-rubygem-foreman_openscap-0:0.7.11-1.fm1_15.el7sat
  • tfm-rubygem-foreman_remote_execution-0:1.3.7.2-1.fm1_15.el7sat
  • tfm-rubygem-foreman_remote_execution_core-0:1.0.6-1.fm1_15.el7sat
  • tfm-rubygem-foreman_templates-0:5.0.1-1.fm1_15.el7sat
  • tfm-rubygem-foreman_theme_satellite-0:1.0.4.16-1.el7sat
  • tfm-rubygem-foreman_virt_who_configure-0:0.1.9-1.fm1_15.el7sat
  • tfm-rubygem-hammer_cli-0:0.11.0.1-1.el7sat
  • tfm-rubygem-hammer_cli_csv-0:2.3.0-1.el7sat
  • tfm-rubygem-hammer_cli_foreman-0:0.11.0.5-1.el7sat
  • tfm-rubygem-hammer_cli_foreman_admin-0:0.0.8-1.el7sat
  • tfm-rubygem-hammer_cli_foreman_bootdisk-0:0.1.3.3-2.el7sat
  • tfm-rubygem-hammer_cli_foreman_discovery-0:1.0.0-1.el7sat
  • tfm-rubygem-hammer_cli_foreman_docker-0:0.0.6-2.el7sat
  • tfm-rubygem-hammer_cli_foreman_openscap-0:0.1.5-1.fm1_15.el7sat
  • tfm-rubygem-hammer_cli_foreman_remote_execution-0:0.0.6-1.fm1_15.el7sat
  • tfm-rubygem-hammer_cli_foreman_tasks-0:0.0.12-1.fm1_15.el7sat
  • tfm-rubygem-hammer_cli_foreman_virt_who_configure-0:0.0.3-1.el7sat
  • tfm-rubygem-hammer_cli_katello-0:0.11.3.5-1.el7sat
  • tfm-rubygem-katello-0:3.4.5.58-1.el7sat
  • tfm-rubygem-katello_ostree-0:3.4.5.58-1.el7sat
  • tfm-rubygem-ovirt_provision_plugin-0:1.0.2-1.fm1_15.el7sat
  • tfm-rubygem-smart_proxy_dynflow_core-0:0.1.10-1.fm1_15.el7sat