Bug #31937: CVE-2021-20256 foreman: BMC controller credential leak via API - Foreman

Actions

Bug #31937

closed

CVE-2021-20256 foreman: BMC controller credential leak via API

Added by Evgeni Golov over 3 years ago. Updated over 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Security

Target version:

Difficulty:

Triaged:

No

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman/pull/8349

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

A password leak was identified on Foreman which will expose BMC password in plaintext through the host API.

Actions

#1

Updated by Evgeni Golov over 3 years ago

Subject changed from CVE-2021-20256 foreman: BMC controller credential leak via API to CVE-2021-20256 foreman: BMC controller credential leak via API
Assignee set to Evgeni Golov
Target version set to 2.4.0

Actions

#2

Updated by The Foreman Bot over 3 years ago

Status changed from New to Ready For Testing
Pull request https://github.com/theforeman/foreman/pull/8349 added

Actions

#3

Updated by The Foreman Bot over 3 years ago

Fixed in Releases 2.5.0 added

Actions

#4

Updated by Evgeni Golov over 3 years ago

Status changed from Ready For Testing to Closed

Applied in changeset foreman|93f87b351bba75395e26fb693956aaac8741f8fa.

Actions

#5

Updated by Tomer Brisker over 3 years ago

Target version changed from 2.4.0 to 2.5.0

Actions

Also available in: Atom PDF