Bug #5436

closed

CVE-2014-0192 - provisioning templates are world accessible

Added by Ohad Levy over 10 years ago. Updated about 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Unattended installations
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Since 1e0fd283 it is possible to override spoof by providing a hostname parameter.

This would allow retrieving any template of any host, bypassing authentication.


Related issues 1 (0 open, 1 closed)

Has duplicate Foreman - Bug #5463: No authentication required for /unattended/provision?hostname=HOSTNAME (Duplicate, 04/26/2014)
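
A log-review sketch for the issue described above, added here as an example and not part of the original ticket or of Foreman's code: it lists, per client address, which hostnames were requested through the `hostname` parameter on `/unattended/` URLs and whether a template was served. The "combined" access-log format, the function name and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" format (an assumption;
# adjust LINE_RE to whatever web server or proxy fronts Foreman).
SAMPLE_LOG = """\
192.0.2.10 - - [26/Apr/2014:10:01:02 +0000] "GET /unattended/provision HTTP/1.1" 200 4312 "-" "anaconda"
198.51.100.7 - - [26/Apr/2014:10:05:41 +0000] "GET /unattended/provision?hostname=db01.example.com HTTP/1.1" 200 5120 "-" "curl/7.30"
198.51.100.7 - - [26/Apr/2014:10:05:44 +0000] "GET /unattended/provision?hostname=web02.example.com HTTP/1.1" 200 5098 "-" "curl/7.30"
198.51.100.7 - - [26/Apr/2014:10:05:47 +0000] "GET /unattended/provision?hostname=nosuch.example.com HTTP/1.1" 404 210 "-" "curl/7.30"
203.0.113.5 - - [26/Apr/2014:10:09:00 +0000] "GET /hosts?search=hostname HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_hostname_overrides(log_text):
    """Return {client_ip: {"served": set, "refused": set}} of hostnames
    requested via ?hostname= on /unattended/ URLs."""
    hits = defaultdict(lambda: {"served": set(), "refused": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        if not url.path.startswith("/unattended/"):
            continue
        # A normal build fetches its own template without naming a host,
        # so only requests that carry the hostname parameter are collected.
        for name in parse_qs(url.query).get("hostname", []):
            bucket = "served" if m["status"].startswith("2") else "refused"
            hits[m["ip"]][bucket].add(name)
    return dict(hits)


if __name__ == "__main__":
    for ip, seen in sorted(find_hostname_overrides(SAMPLE_LOG).items()):
        print(ip, "served:", sorted(seen["served"]),
              "refused:", sorted(seen["refused"]))
```

A client address with several distinct hostnames under "served" is the pattern to review first, since rendered templates can contain host-specific secrets.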