| Vulnerability Name: | CVE-2014-0192 (CCN-94068) |
| Assigned: | 2013-12-03 |
| Published: | 2014-05-08 |
| Updated: | 2023-02-13 |
| Summary: | Foreman could allow a remote attacker to bypass security restrictions, caused by the failure to properly restrict access to provisioning template previews. An attacker could exploit this vulnerability using the hostname parameter to gain access to the system. |
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) |
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N); 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C); 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C) |
| Vulnerability Consequences: | Bypass Security |
| References: | Source: MITRE Type: CNA CVE-2014-0192; Source: secalert@redhat.com Type: Exploit, Vendor Advisory secalert@redhat.com; Source: CCN Type: Foreman Web site Foreman; Source: secalert@redhat.com Type: Vendor Advisory secalert@redhat.com; Source: CCN Type: BID-67154 Foreman CVE-2014-0192 Access Bypass Vulnerability; Source: CCN Type: Red Hat Bugzilla Bug 1092354 (CVE-2014-0192) CVE-2014-0192 Foreman: provisioning templates are world accessible; Source: secalert@redhat.com Type: Patch secalert@redhat.com; Source: XF Type: UNKNOWN foreman-cve20140192-sec-bypass(94068) |
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable |