CVE-2013-4182

Опубликовано: 16 сент. 2013

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*

Версия до 1.2.1 (включая)

cpe:2.3:a:theforeman:foreman:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:theforeman:foreman:1.2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:theforeman:foreman:1.2.0:rc2:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00703

Низкий

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2013-4182

ubuntu

больше 12 лет назад

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.

CVE-2013-4182

redhat

больше 12 лет назад

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.

CVE-2013-4182

debian

больше 12 лет назад

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 doe ...

GHSA-7c48-4v8r-g293

github

больше 3 лет назад

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.

EPSS

Процентиль: 72%

0.00703

Низкий

7.5 High

CVSS2

Дефекты

CWE-264