8 matches found
Improper Authorization
Overview: smart_proxy_salt is a SaltStack plug-in for Foreman's Smart Proxy. Affected versions of this package are vulnerable to Improper Authorization by allowing Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to...
foreman: possible man-in-the-middle in smart_proxy realm_freeipa
A smart proxy that provides a RESTful API to various sub-systems of the Foreman is affected by a flaw that can allow a man-in-the-middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate; thus, an unauthenticated attacker can perform actions in FreeIPA if...
Design/Logic Flaw
A smart proxy that provides a RESTful API to various sub-systems of the Foreman is affected by a flaw that can allow a man-in-the-middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate; thus, an unauthenticated attacker can perform actions in FreeIPA if...
Critical: Red Hat Security Advisory: rubygem-smart_proxy_dynflow security update
An update for rubygem-smart_proxy_dynflow is now available for Red Hat Satellite 6.3 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
foreman: Missing input validation in Smart Proxy allows RCE via TFTP file variant parameter
It was found that the “variant” parameter in the TFTP API of Foreman was passed to the eval function. An attacker could possibly use this flaw to execute arbitrary code with the privileges of the Foreman user...
Foreman Smart-Proxy TFTP Detection
Binary data foremansmartproxytftpdetect.nbin...
Foreman Smart-Proxy TFTP Remote Command Injection
The remote web server is running a version of Foreman Smart-Proxy TFTP that is affected by a remote command injection vulnerability. An attacker can send a specially crafted URL that results in the execution of arbitrary commands...
Foreman Smart-Proxy - Remote Command Injection
source: https://www.securityfocus.com/bid/68117/info Foreman is prone to a remote command-injection vulnerability. Successful exploits will result in the execution of arbitrary commands with the privileges of the user running foreman-proxy. curl -3 -H "Accept:application/json" -k -X POST -d...