Foreman prior to 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
theforeman foreman |