Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to spoof.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Foreman | Theforeman | 1.4.0 (including) | 1.4.0 (including) |
Foreman | Theforeman | 1.4.1 (including) | 1.4.1 (including) |
Foreman | Theforeman | 1.4.2 (including) | 1.4.2 (including) |
Foreman | Theforeman | 1.4.3 (including) | 1.4.3 (including) |
Foreman | Theforeman | 1.4.4 (including) | 1.4.4 (including) |