Unrated severityNVD Advisory· Published Apr 9, 2019· Updated Aug 4, 2024

CVE-2019-3893

Description

In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.

Affected products

The Foreman Project/Foremanv5
Range: 1.20.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2019/04/14/2mitremailing-listx_refsource_MLIST
www.securityfocus.com/bid/107846mitrevdb-entryx_refsource_BID
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
github.com/theforeman/foreman/pull/6621mitrex_refsource_MISC
projects.theforeman.org/issues/26450mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000