It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted.
Find out more about CVE-2014-3691 from the MITRE CVE dictionary and NIST NVD.
Base Score | 5.8 |
---|---|
Base Metrics | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Satellite 6.0 (foreman-proxy) | RHBA-2015:0054 | 2015-01-16 |
Red Hat Enterprise Linux OpenStack Platform 4.0 (foreman-proxy) | RHSA-2015:0288 | 2015-03-03 |
Red Hat Satellite Capsule 6.0 (foreman-proxy) | RHBA-2015:0054 | 2015-01-16 |
OpenStack Foreman (foreman-proxy) | RHSA-2015:0287 | 2015-03-03 |
Platform | Package | State |
---|---|---|
Red Hat Satellite 6 | foreman-proxy | Affected |