Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman prior to 1.5.4 and 1.6.x prior to 1.6.2 does not validate SSL certificates, which allows remote malicious users to bypass intended authentication and execute arbitrary API requests via a request without a certificate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat openstack 4.0 |
||
redhat openstack 5.0 |
||
theforeman foreman |
||
theforeman foreman 1.6.0 |
||
theforeman foreman 1.6.1 |