CVE-2024-3716 MEDIUM

CVE-2024-3716: Foreman-installer: candlepin database password being leaked to local users via the process list

Vendor Red Hat
Product Red Hat Satellite 6
Weakness CWE-200 · Info exposure
Published June 5, 2024
Last update November 21, 2025

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

A flaw was found in foreman-installer when puppet-candlepin invokes cpdb with the --password parameter. The password then appears in the process list, where an attacker can read it.

Key dates

02 Disclosure timeline

June 5, 2024 CVE published
November 21, 2025 Record updated