3 matches found
CVE-2014-3691
Foreman/foreman-proxy is affected by CVE-2014-3691 due to failure to validate SSL certificates in SSL-enabled mode, allowing remote attackers to bypass authentication and issue arbitrary API requests without a certificate. Affected versions: Foreman prior to 1.5.4 and foreman-proxy in Foreman 1.6...
Important: Red Hat Security Advisory: foreman-proxy security update
Updated foreman-proxy packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform Foreman. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
FreeBSD : foreman-proxy SSL verification issue (c30c3a2e-4fb1-11e4-b275-14dae9d210b8)
Foreman Security reports : The smart proxy when running in an SSL-secured mode permits incoming API calls to any endpoint without requiring, or performing any verification of an SSL client certificate. This permits any client with access to the API to make requests and perform actions permitting...