smart_proxy_dynflow is vulnerable to authentication bypass. This is due to a lack of authorization with the SSL clients and trusted hosts, which allows a remote attacker is able to execute arbitrary commands with high privileges.
CPE | Name | Operator | Version |
---|---|---|---|
smart_proxy_dynflow | le | 0.2.0 | |
smart_proxy_dynflow | le | 0.2.0 |
www.securityfocus.com/bid/105375
access.redhat.com/errata/RHSA-2018:2733
access.redhat.com/security/cve/CVE-2018-14643
bugzilla.redhat.com/show_bug.cgi?id=1629063
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14643
github.com/theforeman/smart_proxy_dynflow/commit/4b5779bc11e8f0b92649e4de062335698114689c
github.com/theforeman/smart_proxy_dynflow/pull/54