18 matches found

RedHat Linux
added 2026/03/26 8:30 p.m., 8 views

foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1, AI score 7, EPSS 0.00274
Exploits 0, References 4

RedHat Linux
added 2026/03/26 8:30 p.m., 42 views

Important: Red Hat Security Advisory: Satellite 6.16.7 Async Update

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 10, AI score 7.5, EPSS 0.09436
Exploits 3, References 15

RedHat Linux
added 2026/03/26 8:28 p.m., 5 views

foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1, AI score 7, EPSS 0.00274
Exploits 0, References 4

RedHat Linux
added 2026/03/26 7:47 p.m., 9 views

foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1, AI score 5.8, EPSS 0.00274
Exploits 0, References 4

Tenable Nessus
added 2026/03/26 12:0 a.m., 10 views

RHEL 9 : Satellite 6.18.4 Async Update (Important) (RHSA-2026:5968)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5968 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

CVSS 10, AI score 7, EPSS 0.01945
Exploits 3, References 24

Tenable Nessus
added 2026/03/26 12:0 a.m., 7 views

RHEL 9 : Satellite 6.17.7 Async Update (Important) (RHSA-2026:5970)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5970 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

CVSS 10, AI score 7.2, EPSS 0.09436
Exploits 3, References 31

OSV
added 2026/02/02 6:30 a.m., 2 views

GHSA-2QXW-7FMX-GQFM foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1, AI score 5.4, EPSS 0.00274
Exploits 0, References 9

NVD
added 2026/02/02 6:16 a.m., 9 views

CVE-2026-1531

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1, EPSS 0.00274
Exploits 0, References 6

EUVD
added 2026/02/02 5:47 a.m., 5 views

EUVD-2026-5117

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1, AI score 5.4, EPSS 0.00274
Exploits 0, References 2

Cvelist
added 2026/02/02 5:47 a.m., 30 views

CVE-2026-1531 Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1, EPSS 0.00274
Exploits 0, References 5

ATTACKERKB
added 2026/02/02 5:47 a.m., 6 views

CVE-2026-1531

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1, AI score 5.8, EPSS 0.00274
Exploits 0, References 6

Vulnrichment
added 2026/02/02 5:47 a.m., 5 views

CVE-2026-1531 Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1, AI score 5.4, EPSS 0.00274
Exploits 0, References 5

CVE
added 2026/02/02 5:47 a.m., 24 views

CVE-2026-1531

CVE-2026-1531 affects foreman_kubevirt. When configuring the connection to OpenShift, SSL verification is disabled if a CA certificate is not explicitly provided, creating an insecure default. This enables a potential MITM when traffic between Satellite and OpenShift is intercepted, with possible...

CVSS 8.1, AI score 5.8, EPSS 0.00274
Exploits 0, References 6

Positive Technologies
added 2026/02/02 12:0 a.m., 5 views

PT-2026-5613

Name of the Vulnerable Software and Affected Versions: foreman kubevirt (affected versions not specified). Description: A security issue exists in foreman kubevirt related to SSL verification when connecting to OpenShift. By default, the system disables SSL verification if a Certificate Authority (CA)...

CVSS 8.1, AI score 5.5, EPSS 0.00274
Exploits 0, References 13

RubySec
added 2026/02/02 12:0 a.m., 9 views

foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1, AI score 5.3, EPSS 0.00274
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2026/01/28 1:22 p.m., 6 views

CVE-2026-1531

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1, AI score 5.7, EPSS 0.00274
Exploits 0, References 3

Snyk
added 2026/01/28 12:34 p.m., 5 views

Improper Certificate Validation

Overview: foreman_kubevirt is a Provision and manage Kubevirt Virtual Machines from Foreman. Affected versions of this package are vulnerable to Improper Certificate Validation due to the default configuration disabling SSL verification if a CA certificate is not explicitly provided. An attacker ca...

CVSS 8.3, AI score 5.6, EPSS 0.00274
Exploits 0, References 2

CNNVD
added 2026/01/28 12:0 a.m., 7 views

Foreman Kubevirt Plugin Trust Management Vulnerability

The Foreman Kubevirt Plugin is an open-source computing module plugin developed by Foreman. The Foreman Kubevirt Plugin has a vulnerability related to trust management. This vulnerability stems from insecure default SSL verification, which may lead to man-in-the-middle attacks...

CVSS 8.1, AI score 7.1, EPSS 0.00274
Exploits 0, References 3