Veracode Vulnerability Database: VERACODE:14287
History: May 02, 2019 - 4:45 a.m.

Arbitrary Code Execution

2019-05-02 04:45:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9

EPSS: 0.509
Percentile: 97.5%

Foreman is vulnerable to arbitrary code execution due to a flaw in the create method of the Foreman Bookmarks controller. Any user who can create a bookmark can execute malicious code with the privileges of the user running Foreman, giving them control of the system running Foreman and all systems managed by Foreman.
