Lucene search
+L

79 matches found

CVE
CVE
added 2021/06/02 11:52 a.m.92 views

CVE-2020-14335

CVE-2020-14335 describes a vulnerability in Red Hat Satellite where a privileged attacker could read OMAPI secrets via the ISC DHCP server used by Smart-Proxy, potentially gaining control of DHCP records on the network. The CVE is listed with a local attack vector and a low to moderate overall ri...

5.5CVSS5.7AI score0.00249EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/06/02 12:0 a.m.4 views

PT-2021-9717 · Red Hat · Red Hat Satellite

Name of the Vulnerable Software and Affected Versions: Red Hat Satellite affected versions not specified Description: A flaw in Red Hat Satellite allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy, potentially gaining control of DHCP records from the network. T...

5.5CVSS6.9AI score0.00249EPSS
Exploits0References2
Snyk
Snyk
added 2021/05/13 11:9 a.m.4 views

Improper Authorization

Overview smartproxyshellhooks is a Provides easy integration with 3rd parties for Foreman Affected versions of this package are vulnerable to Improper Authorization. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server...

6.7CVSS6.7AI score0.00242EPSS
Exploits0References2
NVD
NVD
added 2021/05/12 3:15 p.m.20 views

CVE-2021-3457

An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a...

6.1CVSS0.00242EPSS
Exploits0References1
CVE
CVE
added 2021/05/12 2:23 p.m.59 views

CVE-2021-3457

CVE-2021-3457 describes an improper authorization flaw in the Foreman Shellhooks plugin for the smart-proxy. The vulnerability allows an authenticated local attacker to access and delete resources and can cause a denial of service on the Foreman server. Affected component: smart_proxy_shellhooks ...

6.1CVSS6.2AI score0.00242EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/05/12 2:23 p.m.21 views

CVE-2021-3457

An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a...

6.4AI score0.00242EPSS
Exploits0References1
NVD
NVD
added 2021/04/26 3:15 p.m.21 views

CVE-2021-3494

A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...

5.9CVSS0.00369EPSS
Exploits0References1
OSV
OSV
added 2021/04/26 3:15 p.m.23 views

CVE-2021-3494

A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...

5.9CVSS6.6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/04/26 3:15 p.m.5 views

CVE-2021-3494

A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...

5.9CVSS6.7AI score0.00369EPSS
Exploits0References2
Prion
Prion
added 2021/04/26 3:15 p.m.15 views

Design/Logic Flaw

A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...

4.3CVSS5.8AI score0.00369EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/04/26 2:13 p.m.97 views

CVE-2021-3494

CVE-2021-3494 affects the Foreman smart proxy’s FreeIPA module, where SSL certificate verification is not performed. This enables a potential Man-in-the-Middle attack if conditions are met, compromising confidentiality. Affected: Foreman/smart proxy versions before 2.5.0 (per NVD OSV notes). The ...

5.9CVSS5.8AI score0.00369EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/04/26 2:13 p.m.25 views

CVE-2021-3494

A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...

6.2AI score0.00369EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/04/26 12:0 a.m.6 views

PT-2021-20784 · Foreman +1 · Foreman +1

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 2.5.0 Description: A flaw in the smart proxy of Foreman, which provides a restful API to various sub-systems, can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL...

9CVSS7.5AI score0.03885EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2021/04/21 1:15 p.m.8 views

foreman: world-readable OMAPI secret through the ISC DHCP server

A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability...

5.5CVSS7.3AI score0.00249EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/04/13 5:52 a.m.49 views

CVE-2021-3494

A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...

6.1CVSS1.7AI score0.00369EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/03/30 10:27 a.m.26 views

CVE-2021-3457

An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a...

6.1CVSS2.1AI score0.00242EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/03/30 10:27 a.m.52 views

CVE-2021-20290

An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a...

6.1CVSS1.5AI score0.0022EPSS
Exploits1References3
Gitee
Gitee
added 2021/01/10 9:44 p.m.5 views

Exploit for Incorrect Authorization in Theforeman Smart_Proxy_Salt

This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The repository contains various modules for exploiting vulnerabilities in different software and systems, including Windows, Linux, an...

7.1CVSS7.2AI score0.00194EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2020/09/07 2:49 p.m.47 views

CVE-2020-14335

A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability. Mitigation...

5.8CVSS1.5AI score0.00249EPSS
Exploits0References3
OSV
OSV
added 2018/09/21 1:29 p.m.5 views

CVE-2018-14643

An authentication bypass flaw was found in the smartproxydynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context...

9.8CVSS6AI score0.06007EPSS
Exploits0References4
Rows per page
Query Builder