CVE-2014-3691
published 2015-03-09CVE-2014-3691: Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| theforeman | foreman | <= 1.5.3 | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |