In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by Foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.
Foreman is prone to an information disclosure vulnerability. Successful exploits may allow an attacker to gain access to sensitive information that may aid in further attacks. Versions prior to Foreman 1.20.3, 1.21.1, 1.22.0 are vulnerable.
Updates are available. Please see the references or vendor advisory for more information.
Currently, we are not aware of any working exploits.
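
The following is an added example, not code from the advisory or from the Foreman project: a branch-aware check of the affected versions stated above, for triaging an inventory of Foreman servers. A single "less than 1.22.0" comparison would flag the fixed 1.20.3 and 1.21.1 releases, and a "greater than 1.20.3" comparison would wrongly clear 1.21.0. The host names, the version strings and the accepted pre-release format are constructed assumptions, and treating a release candidate of a fixed version as vulnerable is a conservative assumption.

```python
import re

# Fixed release per branch, from the advisory: 1.20.3, 1.21.1, 1.22.0.
FIXED_PATCH = {(1, 20): 3, (1, 21): 1, (1, 22): 0}

# Accepts "1.21.0" and pre-release forms such as "1.22.0-rc1" (assumed format).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.~](rc\d+|develop))?$", re.I)


def is_vulnerable(version):
    """Return True if a Foreman version falls in the advisory's affected range."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(g) for g in m.groups()[:3])
    prerelease = m.group(4) is not None
    branch = (major, minor)

    if branch > max(FIXED_PATCH):
        return False  # the advisory lists only versions before 1.22.0
    if branch not in FIXED_PATCH:
        return True   # older than 1.20: no fixed release is listed
    fixed = FIXED_PATCH[branch]
    # Assumption: a release candidate of the fixed version is not trusted.
    return patch < fixed or (patch == fixed and prerelease)


def triage(inventory):
    """Take a mapping of host -> version, return the vulnerable hosts, sorted."""
    return sorted(h for h, v in inventory.items() if is_vulnerable(v))


# Constructed inventory for illustration; these are not real hosts.
SAMPLE_INVENTORY = {
    "foreman-a.example.test": "1.20.2",
    "foreman-b.example.test": "1.20.3",
    "foreman-c.example.test": "1.21.0",
    "foreman-d.example.test": "1.22.0-rc1",
    "foreman-e.example.test": "1.22.0",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: upgrade required ({SAMPLE_INVENTORY[host]})")
```

Because the flaw exposes the stored password or token of a compute resource, upgrading a flagged host is usually paired with rotating the credentials of the compute resources it manages.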