2 matches found
CVE-2013-4182
app/controllers/api/v1/hostscontroller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request...
CVE-2013-4182
CVE-2013-4182 affects Foreman prior to 1.2.2, specifically the API at /api/v1/hosts handled by hosts_controller.rb, where access checks were insufficient. This allowed remote attackers to access arbitrary hosts via the API request. The publicly documented remediation is to upgrade to Foreman 1.2....