Main Vulnerability Database Vulnerabilities #VU41711

Code Injection in Foreman - CVE-2013-0210

Published: May 8, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41711

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-0210

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Foreman

Affected software:
Foreman

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands.

How to mitigate CVE-2013-0210

Install update from vendor's website.

Sources

http://theforeman.org/security.html

Code Injection in Foreman - CVE-2013-0210

Detailed vulnerability description

How to mitigate CVE-2013-0210

Sources

Please verify you're human