Project

General

Profile

Bug #31937

CVE-2021-20256 foreman: BMC controller credential leak via API

Added by Evgeni Golov 7 months ago. Updated 7 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

A password leak was identified on Foreman which will expose BMC password in plaintext through the host API.

Associated revisions

Revision 93f87b35 (diff)
Added by Evgeni Golov 7 months ago

Fixes #31937 - CVE-2021-20256 BMC controller credential leak

History

#1 Updated by Evgeni Golov 7 months ago

  • Target version set to 2.4.0
  • Assignee set to Evgeni Golov
  • Subject changed from CVE-2021-20256 foreman: BMC controller credential leak via API to CVE-2021-20256 foreman: BMC controller credential leak via API

#2 Updated by The Foreman Bot 7 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/8349 added

#3 Updated by The Foreman Bot 7 months ago

  • Fixed in Releases 2.5.0 added

#4 Updated by Evgeni Golov 7 months ago

  • Status changed from Ready For Testing to Closed

#5 Updated by Tomer Brisker 7 months ago

  • Target version changed from 2.4.0 to 2.5.0

Also available in: Atom PDF