Main Vulnerability Database Vulnerabilities #VU41707

Permissions, Privileges, and Access Controls in Foreman - CVE-2014-0192

Published: May 8, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41707

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-0192

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Foreman

Affected software:
Foreman

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof."

How to mitigate CVE-2014-0192

Install update from vendor's website.

Sources

http://projects.theforeman.org/issues/5436
http://theforeman.org/security.html
https://bugzilla.redhat.com/show_bug.cgi?id=1092354

Permissions, Privileges, and Access Controls in Foreman - CVE-2014-0192

Detailed vulnerability description

How to mitigate CVE-2014-0192

Sources

Please verify you're human