Description
Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof."
References
- Exploit, Vendor Advisory
- Vendor Advisory
- Patch
- Exploit, Vendor Advisory
- Vendor Advisory
- Patch
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:theforeman:foreman:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.4:*:*:*:*:*:*:*
EPSS
Percentile: 65%
0.00493
Low
5 Medium
CVSS2
Weaknesses
CWE-264
Related vulnerabilities
redhat
almost 12 years ago
Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof."
debian
more than 11 years ago
Foreman 1.4.0 before 1.5.0 does not properly restrict access to provis ...
github
more than 3 years ago
Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof."