Directory traversal vulnerability in Smart-Proxy in Foreman prior to 1.4.5 and 1.5.x prior to 1.5.1 allows remote malicious users to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
theforeman foreman 1.5.0 |
||
theforeman foreman |
||
theforeman foreman 1.4.3 |
||
theforeman foreman 1.4.1 |
||
theforeman foreman 1.4.2 |
||
theforeman foreman 1.4.0 |