Bug #22546

closed

CVE-2018-1097: curl api to change power state on ovirt compute_resource exposes credentials

Added by Steve D about 6 years ago. Updated over 4 years ago.


Description

Looks like the same issue as https://bugzilla.redhat.com/show_bug.cgi?id=1211613 so perhaps this is a regression.

curl -X PUT -H "Content-Type:application/json" -H "Accept:application/json" -k -u user:password -d '{"power_action": "on"}' https://foreman/api/v2/hosts/testhost.domain.name/power

{"power":{"raw":{"name":"testhost.domain.name","href":"/ovirt-engine/api/v3/vms/b67a994d-68f5-4cba-a515-c79536ce55fe","id":"b67a994d-68f5-4cba-a515-c79536ce55fe","client":{"api_entrypoint":"https://ovirt.domain.name/ovirt-engine/api/v3","credentials":{"username":"admin@internal","password":"unmaskedpassword"},
...
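
A regression check for this class of leak, as an added example that is not part of the original report or of Foreman's fix: it walks a parsed API response, reports the path of every unmasked secret, and produces a masked copy. The key-name pattern, the mask string and the sample document (constructed from the truncated response above) are assumptions of the example.

```ruby
require 'json'

# Key names treated as secret-bearing; this list is an assumption of the example.
SENSITIVE_KEY = /password|passwd|secret|token|api_key/i
MASK = '[FILTERED]'

# True when a key looks secret-bearing and still carries a clear-text value.
def sensitive?(key, value)
  key.to_s.match?(SENSITIVE_KEY) && value.is_a?(String) && !value.empty? && value != MASK
end

# Return the dotted path of every unmasked secret in a parsed JSON document.
def leaked_paths(node, path = [])
  case node
  when Hash
    node.flat_map do |key, value|
      here = path + [key.to_s]
      sensitive?(key, value) ? [here.join('.')] : leaked_paths(value, here)
    end
  when Array
    node.each_with_index.flat_map { |value, i| leaked_paths(value, path + [i.to_s]) }
  else
    []
  end
end

# Return a deep copy with every unmasked secret replaced by MASK.
def scrub(node)
  case node
  when Hash
    node.map { |key, value| [key, sensitive?(key, value) ? MASK : scrub(value)] }.to_h
  when Array
    node.map { |value| scrub(value) }
  else
    node
  end
end

# Constructed sample shaped like the response in the report (the original is truncated).
SAMPLE = <<~JSON
  {"power":{"raw":{"name":"testhost.domain.name",
    "client":{"api_entrypoint":"https://ovirt.domain.name/ovirt-engine/api/v3",
      "credentials":{"username":"admin@internal","password":"unmaskedpassword"}}}}}
JSON

if __FILE__ == $PROGRAM_NAME
  doc = JSON.parse(SAMPLE)
  puts leaked_paths(doc)
  puts JSON.generate(scrub(doc))
end
```

Asserting that `leaked_paths` returns an empty list for each API response in an integration test catches a reintroduced leak before release.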


Related issues 1 (0 open, 1 closed)

Related to Foreman - Bug #23212: Changing power state gives: NameError: uninitialized constant Fog::Compute::Ovirt (Closed, 04/11/2018)

#1

Updated by Anonymous about 6 years ago

  • Category changed from API to Compute resources - oVirt
  • Difficulty deleted (easy)

#2

Updated by Tomer Brisker about 6 years ago

  • Category changed from Compute resources - oVirt to Security

#3

Updated by The Foreman Bot about 6 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Ori Rabin
  • Pull request https://github.com/theforeman/foreman/pull/5369 added

#4

Updated by Tomer Brisker about 6 years ago

  • Subject changed from "curl api to change power state on ovirt compute_resource exposes credentials" to "CVE-2018-1097: curl api to change power state on ovirt compute_resource exposes credentials"

#5

Updated by The Foreman Bot almost 6 years ago

  • Pull request https://github.com/theforeman/foreman/pull/5373 added

#6

Updated by The Foreman Bot almost 6 years ago

  • Pull request https://github.com/theforeman/foreman/pull/5374 added

#7

Updated by The Foreman Bot almost 6 years ago

  • Pull request https://github.com/theforeman/foreman/pull/5375 added

#8

Updated by The Foreman Bot almost 6 years ago

  • Pull request https://github.com/theforeman/foreman/pull/5383 added

#9

Updated by Tomer Brisker almost 6 years ago

  • Release set to 332

#10

Updated by Ori Rabin almost 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#11

Updated by The Foreman Bot almost 6 years ago

  • Pull request https://github.com/theforeman/foreman-packaging/pull/2331 added

#12

Updated by Anonymous almost 6 years ago

  • Related to Bug #23212: Changing power state gives: NameError: uninitialized constant Fog::Compute::Ovirt added

#13

Updated by The Foreman Bot almost 6 years ago

  • Pull request https://github.com/theforeman/foreman/pull/5371 added

#14

Updated by The Foreman Bot over 4 years ago

  • Pull request https://github.com/theforeman/foreman-packaging/pull/4320 added