Code injection

2013-09-1619:14:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.2%

JSON

The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.

CPENameOperatorVersion
openstackeq3.0
foremanle1.2.1
foremaneq1.2.0 rc1
foremaneq1.2.0
foremaneq1.2.0 rc2

Name	Operator	Version
openstack	eq	3.0
foreman	le	1.2.1
foreman	eq	1.2.0 rc1
foreman	eq	1.2.0
foreman	eq	1.2.0 rc2

References

projects.theforeman.org/issues/2860

rhn.redhat.com/errata/RHSA-2013-1196.html

theforeman.org/manuals/1.2/index.html