Lucene search
+L

18 matches found

redhat
redhat
added 2026/03/26 8:30 p.m.8 views

foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS7AI score0.00274EPSS
Exploits0References4
redhat
redhat
added 2026/03/26 8:30 p.m.56 views

Important: Red Hat Security Advisory: Satellite 6.16.7 Async Update

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

10CVSS7.5AI score0.09436EPSS
Exploits3References15
redhat
redhat
added 2026/03/26 8:28 p.m.5 views

foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS7AI score0.00274EPSS
Exploits0References4
redhat
redhat
added 2026/03/26 7:47 p.m.9 views

foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.8AI score0.00274EPSS
Exploits0References4
nessus
nessus
added 2026/03/26 12:0 a.m.10 views

RHEL 9 : Satellite 6.18.4 Async Update (Important) (RHSA-2026:5968)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5968 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

10CVSS7AI score0.01408EPSS
Exploits3References24
nessus
nessus
added 2026/03/26 12:0 a.m.7 views

RHEL 9 : Satellite 6.17.7 Async Update (Important) (RHSA-2026:5970)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5970 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

10CVSS7.2AI score0.09436EPSS
Exploits3References31
osv
osv
added 2026/02/02 6:30 a.m.2 views

GHSA-2QXW-7FMX-GQFM foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.4AI score0.00274EPSS
Exploits0References9
nvd
nvd
added 2026/02/02 6:16 a.m.11 views

CVE-2026-1531

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS0.00274EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/02/02 5:47 a.m.7 views

CVE-2026-1531

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.8AI score0.00274EPSS
Exploits0References6
euvd
euvd
added 2026/02/02 5:47 a.m.6 views

EUVD-2026-5117

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.4AI score0.00274EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/02/02 5:47 a.m.6 views

CVE-2026-1531 Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.4AI score0.00274EPSS
Exploits0References5
cvelist
cvelist
added 2026/02/02 5:47 a.m.34 views

CVE-2026-1531 Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS0.00274EPSS
Exploits0References5
cve
cve
added 2026/02/02 5:47 a.m.29 views

CVE-2026-1531

CVE-2026-1531 affects foreman_kubevirt. When configuring the connection to OpenShift, SSL verification is disabled if a CA certificate is not explicitly provided, creating an insecure default. This enables a potential MITM when traffic between Satellite and OpenShift is intercepted, with possible...

8.1CVSS5.8AI score0.00274EPSS
Exploits0References6
rubygems
rubygems
added 2026/02/02 12:0 a.m.9 views

foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.3AI score0.00274EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/02/02 12:0 a.m.6 views

PT-2026-5613

Name of the Vulnerable Software and Affected Versions foreman kubevirt affected versions not specified Description A security issue exists in foreman kubevirt related to SSL verification when connecting to OpenShift. By default, the system disables SSL verification if a Certificate Authority CA...

8.1CVSS5.5AI score0.00274EPSS
Exploits0References13
redhatcve
redhatcve
added 2026/01/28 1:22 p.m.6 views

CVE-2026-1531

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.7AI score0.00274EPSS
Exploits0References3
snyk
snyk
added 2026/01/28 12:34 p.m.5 views

Improper Certificate Validation

Overview foremankubevirt is a Provision and manage Kubevirt Virtual Machines from Foreman. Affected versions of this package are vulnerable to Improper Certificate Validation due to the default configuration disabling SSL verification if a CA certificate is not explicitly provided. An attacker ca...

8.3CVSS5.6AI score0.00274EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/01/28 12:0 a.m.7 views

Foreman Kubevirt Plugin Trust Management Vulnerability

The Foreman Kubevirt Plugin is an open-source computing module plugin developed by Foreman. The Foreman Kubevirt Plugin has a vulnerability related to trust management. This vulnerability stems from insecure default SSL verification, which may lead to man-in-the-middle attacks...

8.1CVSS7.1AI score0.00274EPSS
Exploits0References3
Rows per page
Query Builder