Lucene search
HistorySep 16, 2013 - 7:14 p.m.
CVE-2013-4182
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.007
Percentile
80.9%
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.
Affected configurations
Node
redhatopenstackMatch3.0
Node
theforemanforemanRange≤1.2.1
ORtheforemanforemanMatch1.2.0
ORtheforemanforemanMatch1.2.0rc1
ORtheforemanforemanMatch1.2.0rc2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | openstack | 3.0 | cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:* |
| theforeman | foreman | * | cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:* |
| theforeman | foreman | 1.2.0 | cpe:2.3:a:theforeman:foreman:1.2.0:*:*:*:*:*:*:* |
| theforeman | foreman | 1.2.0 | cpe:2.3:a:theforeman:foreman:1.2.0:rc1:*:*:*:*:*:* |
| theforeman | foreman | 1.2.0 | cpe:2.3:a:theforeman:foreman:1.2.0:rc2:*:*:*:*:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2013-09-16 19:14:00
ubuntucve
ubuntucve
CVE-2013-4182
2013-09-16 00:00:00
cvelist
cvelist
CVE-2013-4182
2013-09-16 19:00:00
cve
cve
CVE-2013-4182
2013-09-16 19:14:38
veracode
veracode
Exposed API
2020-08-04 00:48:08
redhat
redhat
(RHSA-2013:1196) Important: Foreman security update
2013-09-03 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.007
Percentile
80.9%
Related for NVD:CVE-2013-4182