Date: Tue, 10 Apr 2018 13:40:48 +0300
From: Tomer Brisker <tbrisker@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2018-1097 Foreman: oVirt credentials exposed by host power API

An information disclosure vulnerability was discovered in the host power
API in Foreman.
When sending a power action to a host provisioned on an oVirt compute
resource, the API responded with details of the compute resource, including
credentials in clear text.

This issue affects Foreman 1.3 or newer.
A fix is included in the 1.16.1 release.
Details are available at http://projects.theforeman.org/issues/22546

-- 
Have a nice day,
Tomer Brisker
Red Hat Engineering
