17 matches found
RHSA-2015:0287 Red Hat Security Advisory: foreman-proxy security update
Bulletin has no description...
RHSA-2015:0288 Red Hat Security Advisory: foreman-proxy security update
Bulletin has no description...
RHSA-2014:0770 Red Hat Security Advisory: foreman-proxy security update
Bulletin has no description...
RHEL 6 : foreman-proxy (RHSA-2014:0770)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0770 advisory. The foreman-proxy package provides a RESTful API to manage DNS, DHCP, TFTP, and Puppet settings, and can be used as part of Foreman. A shell command...
Authorization
Foreman versions before 2.3.4 and before 2.4.0 are affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if the product enables the Puppet Certificate Authority (CA) to sign certificate requests that have subject alternative names (SANs). Foreman d...
CVE-2021-20290
An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a...
Foreman Security Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides service provisioning, configuration management, and status reporting. Foreman has a security vulnerability that can be exploited by an attacker to emulate foreman-proxy...
Authentication Bypass
foreman-proxy is vulnerable to authorization bypass. A lack of validation of the SSL certificates allows a remote attacker to bypass authentication and perform arbitrary API requests without a certificate...
OS Command Injection
foreman-proxy is vulnerable to OS command injection. The path parameter to tftp/fetchbootfile in the TFTP module is not validated and verified, which would allow a remote attacker to inject arbitrary OS commands on the system to be executed in the context of the foreman-proxy process worker...
foreman-proxy: failure to verify SSL certificates
It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted...
Important: Red Hat Security Advisory: foreman-proxy security update
Updated foreman-proxy packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform Foreman. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Important: Red Hat Security Advisory: foreman-proxy security update
Updated foreman-proxy packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
foreman-proxy: failure to verify SSL certificates
It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted...
foreman-proxy: failure to verify SSL certificates
It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted...
FreeBSD : foreman-proxy SSL verification issue (c30c3a2e-4fb1-11e4-b275-14dae9d210b8)
Foreman Security reports: The smart proxy when running in an SSL-secured mode permits incoming API calls to any endpoint without requiring, or performing any verification of an SSL client certificate. This permits any client with access to the API to make requests and perform actions permitting...
Critical: Red Hat Security Advisory: foreman-proxy security update
An updated foreman-proxy package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 3.0 and 4.0. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
foreman-proxy: smart-proxy remote command injection
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetchbootfile...