CVE-2014-4507Path Traversal in Foreman

CWE-22Path Traversal3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.8%
top 25.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Theforeman Foreman
Timeline
PublishedJun 20
Latest updateMay 17

Description

Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDtheforeman/foreman1.4.4+5

Patches

Patch: projects.theforeman.orgPatch: projects.theforeman.org

🔴Vulnerability Details

2
GHSA
GHSA-6wqr-674j-j3cx: Directory traversal vulnerability in Smart-Proxy in Foreman before 12022-05-17
CVEList
CVE-2014-4507: Directory traversal vulnerability in Smart-Proxy in Foreman before 12014-06-20
CVE-2014-4507 — Path Traversal in Theforeman Foreman | cvebase