CVE-2017-2667
published 2018-03-12CVE-2017-2667: Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a…
high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foreman | hammer_cli | — | — |
| redhat | satellite | — | — |
| redhat | satellite_capsule | — | — |
| theforeman | hammer_cli | < 0.10.0 | 0.10.0 |