CVE-2016-4996

EUVD-2016-5961
discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
redhatsatellite
6.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2018:0336
https://bugzilla.redhat.com/show_bug.cgi?id=1349136
https://access.redhat.com/errata/RHSA-2018:0336
https://bugzilla.redhat.com/show_bug.cgi?id=1349136