Bug #26450

CVE-2019-3893: Compute resource delete via api returns password in plaintext

Added by Tomer Brisker 6 months ago. Updated 5 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Compute resources
Target version:
Difficulty:
Triaged: No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Associated revisions

Revision 12174920 (diff)
Added by Shira Maximov 6 months ago

Fixes #26450 - add destroy rabl for compute resource

History

#1 Updated by Tomer Brisker 6 months ago

  • Target version set to 1.21.1

#2 Updated by Tomer Brisker 6 months ago

  • Private changed from Yes to No

This can be worked around by not granting "destroy_compute_resource" permissions to users that should not know the password.

#3 Updated by The Foreman Bot 6 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/6621 added

#4 Updated by Tomer Brisker 6 months ago

  • Fixed in Releases 1.20.3, 1.21.1, 1.22.0 added

#5 Updated by Shira Maximov 6 months ago

  • Status changed from Ready For Testing to Closed

#6 Updated by Tomer Brisker 5 months ago

  • Assignee set to Shira Maximov

#7 Updated by Tomer Brisker 5 months ago

  • Subject changed from Compute resource delete via api returns password in plaintext to CVE-2019-3893: Compute resource delete via api returns password in plaintext
