ID |
CVE-2016-4996
|
Summary |
discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 1.9 (as of 13-02-2023 - 04:50) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-255 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
NONE |
NONE |
|
cvss-vector
via4
|
AV:L/AC:M/Au:N/C:P/I:N/A:N
|
redhat
via4
|
|
refmap
via4
|
|
Last major update |
13-02-2023 - 04:50 |
Published |
17-07-2017 - 13:18 |
Last modified |
13-02-2023 - 04:50 |