Bug #26450: CVE-2019-3893: Compute resource delete via api returns password in plaintext - Foreman

Actions

Bug #26450

closed

CVE-2019-3893: Compute resource delete via api returns password in plaintext

Added by Tomer Brisker about 5 years ago. Updated about 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Compute resources

Target version:

Difficulty:

Triaged:

No

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman/pull/6621

Fixed in Releases:

1.20.3, 1.21.1, 1.22.0

Found in Releases:

Red Hat JIRA:

Actions

#1

Updated by Tomer Brisker about 5 years ago

Target version set to 1.21.1

Actions

#2

Updated by Tomer Brisker about 5 years ago

Private changed from Yes to No

This can be worked around by not granting "destroy_compute_resource" permissions to users that should not know the password.

Actions

#3

Updated by The Foreman Bot about 5 years ago

Status changed from New to Ready For Testing
Pull request https://github.com/theforeman/foreman/pull/6621 added

Actions

#4

Updated by Tomer Brisker about 5 years ago

Fixed in Releases 1.20.3, 1.21.1, 1.22.0 added

Actions

#5

Updated by Shira Maximov about 5 years ago

Status changed from Ready For Testing to Closed

Applied in changeset 12174920f9df7803060f8b2be9fdf3c250ab4291.

Actions

#6

Updated by Tomer Brisker about 5 years ago

Assignee set to Shira Maximov

Actions

#7

Updated by Tomer Brisker about 5 years ago

Subject changed from Compute resource delete via api returns password in plaintext to CVE-2019-3893: Compute resource delete via api returns password in plaintext

Actions

Also available in: Atom PDF