CVE-2014-0192
Published 2014-05-08
CVE-2014-0192: Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information…
Priority: P422 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
1.54%
71.7th percentile
Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof."
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat · 5.0 · MEDIUM
GHSA
GHSA-2r38-hrvx-f45r: Foreman 1
ghsa_unreviewed·2022-05-17
CVE-2014-0192 [MEDIUM] GHSA-2r38-hrvx-f45r: Foreman 1
Red Hat
Foreman: provisioning templates are world accessible
vendor_redhat·2014-04-25·CVSS 5.0
CVE-2014-0192 [MEDIUM] CWE-285 Foreman: provisioning templates are world accessible
Package: ruby193-foreman (Red Hat OpenStack Platform 3) - Not affected
Package: foreman (Red Hat OpenStack Platform 4) - Not affected
No detection rules found.
No public exploits indexed.
2014-05-08
Published