Foreman CVE-2017-2672 Information Disclosure Vulnerability

Foreman is prone to an information disclosure vulnerability.

Successful exploits may allow an attacker to gain access to sensitive information that may aid in further attacks.

Foreman 1.4 and later are vulnerable.

Information

Bugtraq ID: 97526
Class: Design Error
CVE: CVE-2017-2672

Remote: Yes
Local: No
Published: Apr 06 2017 12:00AM
Updated: Apr 10 2017 09:05PM
Credit: Daniel Kimsey
Vulnerable: Foreman Foreman 1.12.2
Foreman Foreman 1.12.1
Foreman Foreman 1.12
Foreman Foreman 1.11.4
Foreman Foreman 1.10
Foreman Foreman 1.9.3
Foreman Foreman 1.9.2
Foreman Foreman 1.9.1
Foreman Foreman 1.9
Foreman Foreman 1.8.4
Foreman Foreman 1.8.3
Foreman Foreman 1.8.2
Foreman Foreman 1.8.1
Foreman Foreman 1.8
Foreman Foreman 1.7.5
Foreman Foreman 1.7.4
Foreman Foreman 1.7.3
Foreman Foreman 1.7.2
Foreman Foreman 1.7.1
Foreman Foreman 1.7
Foreman Foreman 1.6.3
Foreman Foreman 1.6.2
Foreman Foreman 1.6.1
Foreman Foreman 1.6
Foreman Foreman 1.5.4
Foreman Foreman 1.5.3
Foreman Foreman 1.5.2
Foreman Foreman 1.5.1
Foreman Foreman 1.5
Foreman Foreman 1.4.5
Foreman Foreman 1.4.3
Foreman Foreman 1.4.2
Foreman Foreman 1.4.1
Foreman Foreman 1.4
Foreman Foreman 1.13
Foreman Foreman 1.12.4
Foreman Foreman 1.10.4

Not Vulnerable:

References:

• CVE-2017-2672: Foreman image password disclosure in audit log (Foreman)
  
• Foreman Homepage (Foreman)
  

Source: www.securityfocus.com