CVE-2013-4182

Опубликовано: 03 сент. 2013

Источник: redhat

CVSS2: 6.5

EPSS Низкий

Описание

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenStack Platform 4	ruby193-foreman	Affected
OpenStack 3 for RHEL 6	ruby193-foreman	Fixed	RHSA-2013:1196	03.09.2013
Red Hat Satellite 6.0	foreman	Fixed	RHEA-2014:1175	10.09.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-862

https://bugzilla.redhat.com/show_bug.cgi?id=990374foreman: app/controllers/api/v1/hosts_controller.rb API privilege escalation

EPSS

Процентиль: 72%

0.00703

Низкий

6.5 Medium

CVSS2

Связанные уязвимости

CVE-2013-4182

ubuntu

больше 12 лет назад

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.

CVE-2013-4182

nvd

больше 12 лет назад

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.

CVE-2013-4182

debian

больше 12 лет назад

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 doe ...

GHSA-7c48-4v8r-g293

github

больше 3 лет назад

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.

EPSS

Процентиль: 72%

0.00703

Низкий

6.5 Medium

CVSS2