Homepage
About Snyk

Information Exposure Affecting foreman_ansible package, versions <4.0.3.4

Severity

 Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.07% (30th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-RUBY-FOREMANANSIBLE-1297181
  • published 28 May 2021
  • disclosed 28 May 2021
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 28 May 2021

CVE-2020-10716 Open this link in a new tab
CWE-285 Open this link in a new tab

How to fix?

Upgrade foreman_ansible to version 4.0.3.4 or higher.

Overview

foreman_ansible is an Ansible integration with Foreman.

Affected versions of this package are vulnerable to Information Exposure. A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitive data.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
6.5 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    Low
  • Integrity (I)
    Low
  • Availability (A)
    None
Expand this section

NVD

6.5 medium
Expand this section

Red Hat

4.3 medium