6.8
CVSSv2

CVE-2014-0090

Published: 08/05/2014 Updated: 09/05/2014
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Session fixation vulnerability in Foreman prior to 1.4.2 allows remote malicious users to hijack web sessions via the session id cookie.

Affected Products

Vendor Product Versions
TheforemanForeman1.0, 1.1, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.4.0, 1.4.1