Bug #32257
closed
CVE-2021-20290: Any client can perform Foreman actions
Difficulty:
trivial
Triaged:
No
Pull request:
Description
An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also cause a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.
Updated by The Foreman Bot about 3 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/smart_proxy_openscap/pull/80 added
Updated by The Foreman Bot about 3 years ago
- Fixed in Releases smart_proxy_openscap 0.7.5 added
Updated by Anonymous about 3 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset smart_proxy_openscap|3999f6bb420a25b5173b7e0a55f9f73cfc109c25.
Updated by The Foreman Bot about 3 years ago
- Pull request https://github.com/theforeman/smart_proxy_openscap/pull/81 added
Updated by The Foreman Bot about 3 years ago
- Pull request https://github.com/theforeman/smart_proxy_openscap/pull/82 added
Updated by The Foreman Bot about 3 years ago
- Pull request https://github.com/theforeman/smart_proxy_openscap/pull/83 added
Updated by The Foreman Bot about 3 years ago
- Pull request https://github.com/theforeman/smart_proxy_openscap/pull/84 added
Updated by Ondřej Pražák almost 3 years ago
- Related to Bug #32969: Skip trusted host check for OVAL endpoints added