CVE-2013-4180 — Improper Input Validation in Foreman

CWE-20 — Improper Input Validation CWE-400 — Uncontrolled Resource Consumption5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.9%

top 23.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Theforeman Foreman Redhat Openstack

Timeline

PublishedSep 16

Latest updateMay 17

Description

The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDtheforeman/foreman1.2.1+1

▶NVDredhat/openstack3.0

Patches

Patch: theforeman.org ↗Patch: theforeman.org ↗

🔴Vulnerability Details

GHSA

GHSA-xjcv-72f4-4fxj: The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1↗2022-05-17

▶

CVEList

CVE-2013-4180: The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1↗2013-09-16

▶

📋Vendor Advisories

Red Hat

Foreman: hosts_controller.rb power/ipmi_boot Symbol creation DoS↗2013-09-03

▶

💬Community

Bugzilla

CVE-2013-4180 Foreman: hosts_controller.rb power/ipmi_boot Symbol creation DoS↗2013-07-29

▶