CVE-2016-4996

EPSS 0.04%
Veröffentlicht 17.07.2017 13:18:06
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Satellite Version6.3

Redhat ≫ Enterprise Linux Server Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.088

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	1	5.9	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:P/I:N/A:N

https://access.redhat.com/errata/RHSA-2018:0336

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1349136

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2016-4996

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-4996

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-4996

EUVD