CVE Vulnerabilities

CVE-2013-4182

Published: Sep 16, 2013 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
6.5 IMPORTANT
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V3
Ubuntu
MEDIUM

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.

Affected Software

Name Vendor Start Version End Version
Openstack Redhat 3.0 (including) 3.0 (including)
OpenStack 3 for RHEL 6 RedHat ruby193-foreman-0:1.1.10014-1.2.el6ost *
Red Hat Satellite 6.0 RedHat foreman-0:1.6.0.44-1.el6sat *

References