CVE-2016-4996 Information

Description

discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in which allows local users with access to the system journal to obtain the root password by reading the system journal or by clicking Logs on the console.

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://access.redhat.com/errata/RHSA-2018:0336 https://bugzilla.redhat.com/show_bug.cgi?id=1349136

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.0