Actions
Bug #22546
closed
CVE-2018-1097: curl api to change power state on ovirt compute_resource exposes credentials
Difficulty:
Triaged:
Pull request:
https://github.com/theforeman/foreman/pull/5369, https://github.com/theforeman/foreman/pull/5373, https://github.com/theforeman/foreman/pull/5374, https://github.com/theforeman/foreman/pull/5375, https://github.com/theforeman/foreman/pull/5383, https://github.com/theforeman/foreman-packaging/pull/2331, https://github.com/theforeman/foreman/pull/5371, https://github.com/theforeman/foreman-packaging/pull/4320
Description
Looks like the same issue as https://bugzilla.redhat.com/show_bug.cgi?id=1211613 so perhaps this is a regression.
curl -X PUT -H "Content-Type:application/json" -H "Accept:application/json" -k -u user:password -d '{"power_action": "on"}' https://foreman/api/v2/hosts/testhost.domain.name/power
{"power":{"raw":{"name":"testhost.domain.name","href":"/ovirt-engine/api/v3/vms/b67a994d-68f5-4cba-a515-c79536ce55fe","id":"b67a994d-68f5-4cba-a515-c79536ce55fe","client":{"api_entrypoint":"https://ovirt.domain.name/ovirt-engine/api/v3","credentials":{"username":"admin@internal","password":"unmaskedpassword"},
...
Updated by Anonymous about 7 years ago
- Category changed from API to Compute resources - oVirt
- Difficulty deleted (
easy)
Updated by Tomer Brisker about 7 years ago
- Category changed from Compute resources - oVirt to Security
Updated by The Foreman Bot about 7 years ago
- Status changed from New to Ready For Testing
- Assignee set to Ori Rabin
- Pull request https://github.com/theforeman/foreman/pull/5369 added
Updated by Tomer Brisker about 7 years ago
- Subject changed from curl api to change power state on ovirt compute_resource exposes credentials to CVE-2018-1097: curl api to change power state on ovirt compute_resource exposes credentials
Updated by The Foreman Bot about 7 years ago
- Pull request https://github.com/theforeman/foreman/pull/5373 added
Updated by The Foreman Bot about 7 years ago
- Pull request https://github.com/theforeman/foreman/pull/5374 added
Updated by The Foreman Bot about 7 years ago
- Pull request https://github.com/theforeman/foreman/pull/5375 added
Updated by The Foreman Bot about 7 years ago
- Pull request https://github.com/theforeman/foreman/pull/5383 added
Updated by Tomer Brisker about 7 years ago
- Translation missing: en.field_release set to 332
Updated by Ori Rabin about 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 6fb097f945d642c39747e885ec767cacd70fbc76.
Updated by The Foreman Bot about 7 years ago
- Pull request https://github.com/theforeman/foreman-packaging/pull/2331 added
Updated by Anonymous about 7 years ago
- Related to Bug #23212: Changing power state gives: NameError: uninitialized constant Fog::Compute::Ovirt added
Updated by The Foreman Bot about 7 years ago
- Pull request https://github.com/theforeman/foreman/pull/5371 added
Updated by The Foreman Bot over 5 years ago
- Pull request https://github.com/theforeman/foreman-packaging/pull/4320 added
Actions