CVE-2017-2667 – rubygem-hammer_cli: no verification of API server's SSL certificate

https://notcve.org/view.php?id=CVE-2017-2667

20 Feb 2018 — Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks. Hammer CLI, una utilidad CLI para Foreman, en versiones anteriores a la 0.10.0, no estableció explícitamente la marca verify_ssl para apipie-bindings que lo deshabilita por defecto. Como resultado, los certificados del servidor no se comprueban y las ... • http://projects.theforeman.org/issues/19033 • CWE-295: Improper Certificate Validation CWE-345: Insufficient Verification of Data Authenticity •