ID CVE-2016-9593
Summary foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.
References
Vulnerable Configurations
  • cpe:2.3:a:theforeman:foreman:-:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:0.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.11.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.11.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.11.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.11.4:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 09-10-2019 - 23:20)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: SINGLE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
redhat via4
advisories
rhsa
id RHSA-2018:0336
rpms
  • candlepin-0:2.1.14-1.el7
  • candlepin-selinux-0:2.1.14-1.el7
  • foreman-0:1.15.6.34-1.el7sat
  • foreman-bootloaders-redhat-0:201801241201-2.el7sat
  • foreman-bootloaders-redhat-tftpboot-0:201801241201-2.el7sat
  • foreman-cli-0:1.15.6.34-1.el7sat
  • foreman-compute-0:1.15.6.34-1.el7sat
  • foreman-debug-0:1.15.6.34-1.el7sat
  • foreman-discovery-image-1:3.4.4-1.el7sat
  • foreman-ec2-0:1.15.6.34-1.el7sat
  • foreman-gce-0:1.15.6.34-1.el7sat
  • foreman-installer-1:1.15.6.8-1.el7sat
  • foreman-installer-katello-0:3.4.5.26-1.el7sat
  • foreman-libvirt-0:1.15.6.34-1.el7sat
  • foreman-openstack-0:1.15.6.34-1.el7sat
  • foreman-ovirt-0:1.15.6.34-1.el7sat
  • foreman-postgresql-0:1.15.6.34-1.el7sat
  • foreman-proxy-0:1.15.6.4-1.el7sat
  • foreman-proxy-content-0:3.4.5-15.el7sat
  • foreman-rackspace-0:1.15.6.34-1.el7sat
  • foreman-selinux-0:1.15.6.2-1.el7sat
  • foreman-vmware-0:1.15.6.34-1.el7sat
  • hiera-0:1.3.1-2.el7sat
  • katello-0:3.4.5-15.el7sat
  • katello-certs-tools-0:2.4.0-1.el7sat
  • katello-client-bootstrap-0:1.5.1-1.el7sat
  • katello-common-0:3.4.5-15.el7sat
  • katello-debug-0:3.4.5-15.el7sat
  • katello-installer-base-0:3.4.5.26-1.el7sat
  • katello-selinux-0:3.0.2-1.el7sat
  • katello-service-0:3.4.5-15.el7sat
  • kobo-0:0.5.1-1.el7sat
  • pulp-admin-client-0:2.13.4.6-1.el7sat
  • pulp-docker-admin-extensions-0:2.4.1-2.el7sat
  • pulp-docker-plugins-0:2.4.1-2.el7sat
  • pulp-katello-0:1.0.2-1.el7sat
  • pulp-nodes-child-0:2.13.4.6-1.el7sat
  • pulp-nodes-common-0:2.13.4.6-1.el7sat
  • pulp-nodes-parent-0:2.13.4.6-1.el7sat
  • pulp-ostree-admin-extensions-0:1.2.1.1-1.el7sat
  • pulp-ostree-plugins-0:1.2.1.1-1.el7sat
  • pulp-puppet-admin-extensions-0:2.13.4-3.el7sat
  • pulp-puppet-plugins-0:2.13.4-3.el7sat
  • pulp-puppet-tools-0:2.13.4-3.el7sat
  • pulp-rpm-admin-extensions-0:2.13.4.8-1.el7sat
  • pulp-rpm-plugins-0:2.13.4.8-1.el7sat
  • pulp-selinux-0:2.13.4.6-1.el7sat
  • pulp-server-0:2.13.4.6-1.el7sat
  • puppet-foreman_scap_client-0:0.3.16-1.el7sat
  • python-pulp-agent-lib-0:2.13.4.6-1.el7sat
  • python-pulp-bindings-0:2.13.4.6-1.el7sat
  • python-pulp-client-lib-0:2.13.4.6-1.el7sat
  • python-pulp-common-0:2.13.4.6-1.el7sat
  • python-pulp-docker-common-0:2.4.1-2.el7sat
  • python-pulp-oid_validation-0:2.13.4.6-1.el7sat
  • python-pulp-ostree-common-0:1.2.1.1-1.el7sat
  • python-pulp-puppet-common-0:2.13.4-3.el7sat
  • python-pulp-repoauth-0:2.13.4.6-1.el7sat
  • python-pulp-rpm-common-0:2.13.4.8-1.el7sat
  • python-pulp-streamer-0:2.13.4.6-1.el7sat
  • python-zope-interface-0:4.0.5-4.el7
  • python-zope-interface-debuginfo-0:4.0.5-4.el7
  • redhat-access-insights-puppet-0:0.0.9-2.el7sat
  • rubygem-foreman_scap_client-0:0.3.0-2.el7sat
  • rubygem-kafo-0:2.0.2-1.el7sat
  • rubygem-kafo_parsers-0:0.1.6-1.el7sat
  • rubygem-kafo_wizards-0:0.0.1-2.el7sat
  • rubygem-smart_proxy_dhcp_remote_isc-0:0.0.2.1-1.fm1_15.el7sat
  • rubygem-smart_proxy_discovery-0:1.0.4-3.el7sat
  • rubygem-smart_proxy_discovery_image-0:1.0.9-1.el7sat
  • rubygem-smart_proxy_dynflow-0:0.1.10-1.el7sat
  • rubygem-smart_proxy_openscap-0:0.6.9-1.el7sat
  • rubygem-smart_proxy_pulp-0:1.3.0-1.git.0.b5c2768.el7sat
  • rubygem-smart_proxy_remote_execution_ssh-0:0.1.6-1.el7sat
  • rubygem-tilt-0:1.3.7-2.git.0.3b416c9.el7sat
  • satellite-0:6.3.0-23.0.el7sat
  • satellite-capsule-0:6.3.0-23.0.el7sat
  • satellite-cli-0:6.3.0-23.0.el7sat
  • satellite-common-0:6.3.0-23.0.el7sat
  • satellite-debug-tools-0:6.3.0-23.0.el7sat
  • satellite-installer-0:6.3.0.12-1.el7sat
  • tfm-rubygem-bastion-0:5.1.1.4-1.fm1_15.el7sat
  • tfm-rubygem-foreman-redhat_access-0:2.0.13-1.el7sat
  • tfm-rubygem-foreman-tasks-0:0.9.6.4-1.fm1_15.el7sat
  • tfm-rubygem-foreman-tasks-core-0:0.1.8-1.fm1_15.el7sat
  • tfm-rubygem-foreman_bootdisk-0:10.0.2.2-1.fm1_15.el7sat
  • tfm-rubygem-foreman_discovery-0:9.1.5.3-1.fm1_15.el7sat
  • tfm-rubygem-foreman_docker-0:3.1.0.3-1.fm1_15.el7sat
  • tfm-rubygem-foreman_hooks-0:0.3.14-1.fm1_15.el7sat
  • tfm-rubygem-foreman_openscap-0:0.7.11-1.fm1_15.el7sat
  • tfm-rubygem-foreman_remote_execution-0:1.3.7.2-1.fm1_15.el7sat
  • tfm-rubygem-foreman_remote_execution_core-0:1.0.6-1.fm1_15.el7sat
  • tfm-rubygem-foreman_templates-0:5.0.1-1.fm1_15.el7sat
  • tfm-rubygem-foreman_theme_satellite-0:1.0.4.16-1.el7sat
  • tfm-rubygem-foreman_virt_who_configure-0:0.1.9-1.fm1_15.el7sat
  • tfm-rubygem-hammer_cli-0:0.11.0.1-1.el7sat
  • tfm-rubygem-hammer_cli_csv-0:2.3.0-1.el7sat
  • tfm-rubygem-hammer_cli_foreman-0:0.11.0.5-1.el7sat
  • tfm-rubygem-hammer_cli_foreman_admin-0:0.0.8-1.el7sat
  • tfm-rubygem-hammer_cli_foreman_bootdisk-0:0.1.3.3-2.el7sat
  • tfm-rubygem-hammer_cli_foreman_discovery-0:1.0.0-1.el7sat
  • tfm-rubygem-hammer_cli_foreman_docker-0:0.0.6-2.el7sat
  • tfm-rubygem-hammer_cli_foreman_openscap-0:0.1.5-1.fm1_15.el7sat
  • tfm-rubygem-hammer_cli_foreman_remote_execution-0:0.0.6-1.fm1_15.el7sat
  • tfm-rubygem-hammer_cli_foreman_tasks-0:0.0.12-1.fm1_15.el7sat
  • tfm-rubygem-hammer_cli_foreman_virt_who_configure-0:0.0.3-1.el7sat
  • tfm-rubygem-hammer_cli_katello-0:0.11.3.5-1.el7sat
  • tfm-rubygem-katello-0:3.4.5.58-1.el7sat
  • tfm-rubygem-katello_ostree-0:3.4.5.58-1.el7sat
  • tfm-rubygem-ovirt_provision_plugin-0:1.0.2-1.fm1_15.el7sat
  • tfm-rubygem-smart_proxy_dynflow_core-0:0.1.10-1.fm1_15.el7sat
refmap via4
bid 94985
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9593
Last major update 09-10-2019 - 23:20
Published 16-04-2018 - 15:29
Last modified 09-10-2019 - 23:20