Unrated severityNVD Advisory· Published Jun 5, 2024· Updated Nov 21, 2025
Foreman-installer: candlepin database password being leaked to local users via the process list
CVE-2024-3716
Description
A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
2- access.redhat.com/security/cve/CVE-2024-3716mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
News mentions
0No linked articles in our index yet.