Описание
Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenStack Foreman | foreman | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | foreman | Not affected | ||
| Red Hat Satellite 6 | foreman | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
3.3 Low
CVSS3
2.1 Low
CVSS2
Связанные уязвимости
Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces.
Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authentica ...
Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces.
EPSS
3.3 Low
CVSS3
2.1 Low
CVSS2