CVE-2021-3494 – foreman: possible man-in-the-middle in smart_proxy realm_freeipa
https://notcve.org/view.php?id=CVE-2021-3494
A smart proxy that provides a RESTful API to various sub-systems of Foreman is affected by a flaw that can enable a man-in-the-middle attack. The FreeIPA module of the Foreman smart proxy does not check the SSL certificate, so an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1948005 https://access.redhat.com/security/cve/CVE-2021-3494
CWE-319: Cleartext Transmission of Sensitive Information
CVE-2021-3413 – Satellite: Azure compute resource secret_key leak to authenticated users
https://notcve.org/view.php?id=CVE-2021-3413
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which exposes the Azure Resource Manager secret key through the JSON output of the API. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1930352 https://access.redhat.com/security/cve/CVE-2021-3413
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0241
https://notcve.org/view.php?id=CVE-2014-0241
rubygem-hammer_cli_foreman: the file /etc/hammer/cli.modules.d/foreman.yml is world readable.
References: https://access.redhat.com/security/cve/cve-2014-0241 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0241
CWE-522: Insufficiently Protected Credentials
CVE-2014-0091
https://notcve.org/view.php?id=CVE-2014-0091
Foreman has improper input validation which could lead to a partial denial of service.
References: https://access.redhat.com/security/cve/cve-2014-0091 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0091 https://security-tracker.debian.org/tracker/CVE-2014-0091
CWE-20: Improper Input Validation
CVE-2013-4120
https://notcve.org/view.php?id=CVE-2013-4120
Katello has a denial of service vulnerability in API OAuth authentication.
References: https://access.redhat.com/security/cve/cve-2013-4120 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4120
CWE-400: Uncontrolled Resource Consumption