CVE-2016-9595 – katello-debug: Possible symlink attacks due to use of predictable file names
https://notcve.org/view.php?id=CVE-2016-9595
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. Se ha encontrado un fallo en katello-debug en versiones anteriores a la 3.4.0, donde determinados scripts y archivos de log utilizaban archivos temporales no seguros. Un usuario local podría explotar esta vulnerabilidad para llevar a cabo un ataque de enlace simbólico que les permita sobrescribir el contenido de archivos arbitrarios. A flaw was found in katello-debug where certain scripts and log files used insecure temporary files. • https://access.redhat.com/errata/RHSA-2018:0336 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9595 https://access.redhat.com/security/cve/CVE-2016-9595 https://bugzilla.redhat.com/show_bug.cgi?id=1406729 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVE-2017-2672 – foreman: Image password leak
https://notcve.org/view.php?id=CVE-2017-2672
A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems. Se ha encontrado un error en foreman en versiones anteriores a la 1.15 en el registro de adición y registro de imágenes. Un atacante con acceso al archivo de logs de foreman podría ver contraseñas para sistemas aprovisionados en el archivo de registro, lo que les permitiría acceder a esos sistemas. A flaw was found in foreman's logging during the adding or registering of images. • http://www.securityfocus.com/bid/97526 https://access.redhat.com/errata/RHSA-2018:0336 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2672 https://projects.theforeman.org/issues/19169 https://access.redhat.com/security/cve/CVE-2017-2672 https://bugzilla.redhat.com/show_bug.cgi?id=1439537 • CWE-269: Improper Privilege Management CWE-312: Cleartext Storage of Sensitive Information •
CVE-2014-8183 – foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization
https://notcve.org/view.php?id=CVE-2014-8183
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. Se encontró que foreman, versiones 1.x.x anteriores a 1.15.6, en Satellite versión 6 no aplicaba apropiadamente los controles de acceso sobre ciertos recursos. Un atacante con acceso a la API y conocimiento del nombre del recurso puede acceder a recursos en otras organizaciones. It was found that foreman in Satellite 6 did not properly enforce access controls on certain resources. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8183 https://access.redhat.com/security/cve/CVE-2014-8183 https://bugzilla.redhat.com/show_bug.cgi?id=1480886 • CWE-284: Improper Access Control •
CVE-2016-9593 – foreman-debug: missing obfuscation of sensitive information
https://notcve.org/view.php?id=CVE-2016-9593
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems. foreman-debug, en versiones anteriores a la 1.15.0, es vulnerable a un error en la creación de logs de foreman-debug. Un atacante con acceso al archivo de logs de foreman podría ver contraseñas, lo que les permitiría acceder a esos sistemas. A flaw was found in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems. • http://www.securityfocus.com/bid/94985 https://access.redhat.com/errata/RHSA-2018:0336 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9593 https://access.redhat.com/security/cve/CVE-2016-9593 https://bugzilla.redhat.com/show_bug.cgi?id=1406384 • CWE-255: Credentials Management Errors CWE-522: Insufficiently Protected Credentials •
CVE-2017-15100 – foreman: Stored XSS in fact name or value
https://notcve.org/view.php?id=CVE-2017-15100
An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page. Un atacante que envíe hechos que contienen HTML al servidor Foreman puede provocar Cross-Site Scripting (XSS) persistente en ciertas páginas: (1) La página Facts, al hacer clic en el botón "chart" y desplazándose sobre el gráfico; (2) la página Trends, al comprobar el gráfico para una tendencia basada en un hecho; (3) la página Statistics, para los hechos que se agregan en esta página. • http://projects.theforeman.org/issues/21519 https://access.redhat.com/errata/RHSA-2018:2927 https://github.com/theforeman/foreman/pull/4967 https://access.redhat.com/security/cve/CVE-2017-15100 https://bugzilla.redhat.com/show_bug.cgi?id=1508551 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •