Project

General

Profile

Actions
Copy link

Bug #26450

closed

CVE-2019-3893: Compute resource delete via api returns password in plaintext

Added by Tomer Brisker over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Shira Maximov
Category:
Compute resources
Target version:
1.21.1
Difficulty:
Triaged:
No
Bugzilla link:
1692644
Pull request:
https://github.com/theforeman/foreman/pull/6621
Fixed in Releases:
1.20.3, 1.21.1, 1.22.0
Found in Releases:
Red Hat JIRA:
Actions
Copy link
 #1

Updated by Tomer Brisker over 5 years ago

  • Target version set to 1.21.1
Actions
Copy link
 #2

Updated by Tomer Brisker over 5 years ago

  • Private changed from Yes to No

This can be worked around by not granting "destroy_compute_resource" permissions to users that should not know the password.

Actions
Copy link
 #3

Updated by The Foreman Bot over 5 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/6621 added
Actions
Copy link
 #4

Updated by Tomer Brisker over 5 years ago

  • Fixed in Releases 1.20.3, 1.21.1, 1.22.0 added
Actions
Copy link
 #5

Updated by Shira Maximov over 5 years ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link
 #6

Updated by Tomer Brisker over 5 years ago

  • Assignee set to Shira Maximov
Actions
Copy link
 #7

Updated by Tomer Brisker over 5 years ago

  • Subject changed from Compute resource delete via api returns password in plaintext to CVE-2019-3893: Compute resource delete via api returns password in plaintext
Actions
Copy link

Also available in: Atom PDF