CVE-2014-0192 - provisioning templates are world accessible
|Assigned To:||Ohad Levy|
|Target version:||Sprint 23|
|Found in release:||1.4.0||Pull request:|
|Velocity based estimate||-|
since 1e0fd283 it is possible to override spoof by providing a hostname parameters.
this would allow to retrieve any template of any host bypassing authentication.
fixes #5436 - provisioning templates are world accessible
(cherry picked from commit aa0ebe8eef311875695135c1714cb09225e8cd13)
#2 Updated by Dominic Cleal over 3 years ago
- Found in release changed from nightly to 1.4.0
Hm, I think I see from the code - we're only applying the authorisation filters when the spoof parameter isn't used, in the assumption that this is the only parameter needing protection. Bit messy.
This has probably been in since 5b70f0e0 / #359, so Foreman 1.4.0 and above are affected.