CVE-2013-0187: Foreman vulnerability

CWE-264 | 7 documents | 6 sources
Severity: 6.5 MEDIUM (NVD)
EPSS: 0.5% (top 32.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 8
Latest update: May 5

Description

Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 8.0 | Impact: 6.4

Affected Packages: 1 package

🔴 Vulnerability Details (3)

GHSA | GHSA-32hv-jrcj-jr38: Foreman before 1 | 2022-05-05
OSV | neutron vulnerabilities | 2014-06-25
CVEList | CVE-2013-0187: Foreman before 1 | 2014-05-08

📋 Vendor Advisories (1)

Red Hat | openstack-neutron: security groups bypass through invalid CIDR | 2014-04-22

💬 Community (2)

Bugzilla | CVE-2014-0187 openstack-neutron: security groups bypass through invalid CIDR | 2014-04-22
Bugzilla | CVE-2012-5920 GWT: unknown XSS flaw | 2012-10-31
CVE-2013-0187 — Theforeman Foreman vulnerability | cvebase