79 matches found
CVE-2020-14335
CVE-2020-14335 describes a vulnerability in Red Hat Satellite where a privileged attacker could read OMAPI secrets via the ISC DHCP server used by Smart-Proxy, potentially gaining control of DHCP records on the network. The CVE is listed with a local attack vector and a low to moderate overall ri...
PT-2021-9717 · Red Hat · Red Hat Satellite
Name of the Vulnerable Software and Affected Versions: Red Hat Satellite affected versions not specified Description: A flaw in Red Hat Satellite allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy, potentially gaining control of DHCP records from the network. T...
Improper Authorization
Overview smartproxyshellhooks is a Provides easy integration with 3rd parties for Foreman Affected versions of this package are vulnerable to Improper Authorization. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server...
CVE-2021-3457
An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a...
CVE-2021-3457
CVE-2021-3457 describes an improper authorization flaw in the Foreman Shellhooks plugin for the smart-proxy. The vulnerability allows an authenticated local attacker to access and delete resources and can cause a denial of service on the Foreman server. Affected component: smart_proxy_shellhooks ...
CVE-2021-3457
An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a...
CVE-2021-3494
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...
CVE-2021-3494
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...
CVE-2021-3494
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...
Design/Logic Flaw
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...
CVE-2021-3494
CVE-2021-3494 affects the Foreman smart proxy’s FreeIPA module, where SSL certificate verification is not performed. This enables a potential Man-in-the-Middle attack if conditions are met, compromising confidentiality. Affected: Foreman/smart proxy versions before 2.5.0 (per NVD OSV notes). The ...
CVE-2021-3494
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...
PT-2021-20784 · Foreman +1 · Foreman +1
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 2.5.0 Description: A flaw in the smart proxy of Foreman, which provides a restful API to various sub-systems, can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL...
foreman: world-readable OMAPI secret through the ISC DHCP server
A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability...
CVE-2021-3494
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...
CVE-2021-3457
An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a...
CVE-2021-20290
An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a...
Exploit for Incorrect Authorization in Theforeman Smart_Proxy_Salt
This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The repository contains various modules for exploiting vulnerabilities in different software and systems, including Windows, Linux, an...
CVE-2020-14335
A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability. Mitigation...
CVE-2018-14643
An authentication bypass flaw was found in the smartproxydynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context...