CVE-2016-4996

EPSS 0.04%
Published 17.07.2017 13:18:06
Last modified 20.04.2025 01:37:25
Source secalert@redhat.com
Teams watchlist Login
Open Login

discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console.

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Satellite Version6.3

Redhat ≫ Enterprise Linux Server Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.088

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:P/I:N/A:N

https://access.redhat.com/errata/RHSA-2018:0336

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1349136

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2016-4996

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-4996

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-4996

EUVD