Описание
Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof."
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 3 | ruby193-foreman | Not affected | ||
| Red Hat OpenStack Platform 4 | foreman | Not affected | ||
| Red Hat Satellite 6.0 | foreman | Fixed | RHEA-2014:1175 | 10.09.2014 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-285->CWE-305
https://bugzilla.redhat.com/show_bug.cgi?id=1092354Foreman: provisioning templates are world accessible
EPSS
Процентиль: 65%
0.00493
Низкий
5 Medium
CVSS2
Связанные уязвимости
nvd
больше 11 лет назад
Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof."
debian
больше 11 лет назад
Foreman 1.4.0 before 1.5.0 does not properly restrict access to provis ...
github
больше 3 лет назад
Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof."
EPSS
Процентиль: 65%
0.00493
Низкий
5 Medium
CVSS2