CVE-2014-0090Improper Authentication in Foreman

CWE-287Improper AuthenticationCWE-384Session Fixation5 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
0.6%
top 31.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Theforeman Foreman
Timeline
PublishedMay 8
Latest updateMay 17

Description

Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDtheforeman/foreman1.4.1+7

🔴Vulnerability Details

2
GHSA
GHSA-5f2c-vhf8-frf8: Session fixation vulnerability in Foreman before 12022-05-17
CVEList
CVE-2014-0090: Session fixation vulnerability in Foreman before 12014-05-08

📋Vendor Advisories

1
Red Hat
Foreman: Session fixation2014-03-24

💬Community

1
Bugzilla
CVE-2014-0090 Foreman: Session fixation2014-03-04
CVE-2014-0090 — Improper Authentication in Foreman | cvebase