Description
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.
References
- Issue Tracking, Vendor Advisory
- Broken Link, Third Party Advisory, VDB Entry
- Third Party Advisory
- Issue Tracking
Vulnerable configurations
Configuration 1: versions before 0.10.0 (excluding)
cpe:2.3:a:theforeman:hammer_cli:*:*:*:*:*:*:*:*
Configuration 2
One of
cpe:2.3:a:redhat:satellite:6.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite_capsule:6.3:*:*:*:*:*:*:*
EPSS: 0.00152 (Low), percentile: 36%
CVSS3: 8.1 High
CVSS2: 6.8 Medium
Weaknesses
CWE-345
CWE-295
Related vulnerabilities
CVSS3: 6.4
redhat
almost 9 years ago
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.
CVSS3: 8.1
debian
almost 8 years ago
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not ...
CVSS3: 8.1
github
more than 3 years ago
hammer_cli_foreman Improper Certificate Validation vulnerability