CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0241
https://notcve.org/view.php?id=CVE-2014-0241
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable rubygem-hammer_cli_foreman: El archivo /etc/hammer/cli.modules.d/foreman.yml es de tipo world readable. • https://access.redhat.com/security/cve/cve-2014-0241 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0241 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-2667 – rubygem-hammer_cli: no verification of API server's SSL certificate
https://notcve.org/view.php?id=CVE-2017-2667
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks. Hammer CLI, una utilidad CLI para Foreman, en versiones anteriores a la 0.10.0, no estableció explícitamente la marca verify_ssl para apipie-bindings que lo deshabilita por defecto. Como resultado, los certificados del servidor no se comprueban y las conexiones son propensas a ataques Man-in-the-Middle (MitM). It was found that the hammer_cli command line client disables SSL/TLS certificate verification by default. • http://projects.theforeman.org/issues/19033 http://www.securityfocus.com/bid/97153 https://access.redhat.com/errata/RHSA-2018:0336 https://bugzilla.redhat.com/show_bug.cgi?id=1436262 https://access.redhat.com/security/cve/CVE-2017-2667 • CWE-295: Improper Certificate Validation CWE-345: Insufficient Verification of Data Authenticity •