Bug #26450: CVE-2019-3893: Compute resource delete via api returns password in plaintext - Foreman

Bug #26450

CVE-2019-3893: Compute resource delete via api returns password in plaintext

Added by Tomer Brisker about 4 years ago. Updated almost 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Compute resources

Target version:

Difficulty:

Triaged:

No

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman/pull/6621

Fixed in Releases:

1.20.3, 1.21.1, 1.22.0

Found in Releases:

Red Hat JIRA:

Associated revisions

Revision 12174920 (diff)
Added by Shira Maximov about 4 years ago

Fixes #26450 - add destroy rabl for compute resource

History

#1 Updated by Tomer Brisker about 4 years ago

Target version set to 1.21.1

#2 Updated by Tomer Brisker about 4 years ago

Private changed from Yes to No

This can be worked around by not granting "destroy_compute_resource" permissions to users that should not know the password.

#3 Updated by The Foreman Bot about 4 years ago

Status changed from New to Ready For Testing
Pull request https://github.com/theforeman/foreman/pull/6621 added

#4 Updated by Tomer Brisker about 4 years ago

Fixed in Releases 1.20.3, 1.21.1, 1.22.0 added

#5 Updated by Shira Maximov about 4 years ago

Status changed from Ready For Testing to Closed

Applied in changeset 12174920f9df7803060f8b2be9fdf3c250ab4291.

#6 Updated by Tomer Brisker almost 4 years ago

Assignee set to Shira Maximov

#7 Updated by Tomer Brisker almost 4 years ago

Subject changed from Compute resource delete via api returns password in plaintext to CVE-2019-3893: Compute resource delete via api returns password in plaintext

Also available in: Atom PDF