CVE-2018-1097 - AskarLabs CVE Database

CVE-2018-1097

Vendor Foreman Project

Product foreman

Weakness CWE-200 · Info exposure

Published April 4, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.

Key dates

02Disclosure timeline

April 4, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-1097 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2023-35636 Microsoft Outlook Information Disclosure Vulnerability CVE-2021-37867 Emails of all users are exposed via one of the Boards APIs CVE-2019-11268 UAA SQL Identity Zone Vulnerability CVE-2025-47417 Enable Debug Images CVE-2026-32609 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials