Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0192

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-0192
Last Modified 08 May 2014 02:21:06
Published 08 May 2014 10:29:14
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-0192

Summary

Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof."

Vulnerable Systems

Application

  • Theforeman Foreman 1.4.0

  • Theforeman Foreman 1.4.1

  • Theforeman Foreman 1.4.2

  • Theforeman Foreman 1.4.3

  • Theforeman Foreman 1.4.4


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1092354

CONFIRM - http://theforeman.org/security.html

CONFIRM - http://projects.theforeman.org/issues/5436


Last Updated: 27 May 2016 11:05:13