CVE-2024-3716

Summary

A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the –password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References