CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-14643

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0230%
EPSS Percentile10.75th
Published2018年9月21日
Last Modified2024年11月21日

Vulnerability Description

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context.

Affected Platforms (CPE)

📦
Theforeman

Foreman

All versions

References & Advisories

🔗 http://www.securityfocus.com/bid/105375
🔗 https://access.redhat.com/errata/RHSA-2018:2733
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14643
🔗 https://github.com/theforeman/smart_proxy_dynflow/pull/54
🔗 http://www.securityfocus.com/bid/105375
🔗 https://access.redhat.com/errata/RHSA-2018:2733
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14643
🔗 https://github.com/theforeman/smart_proxy_dynflow/pull/54

相關漏洞威脅

CVE-2017-75409.8

rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Rub...

CVE-2016-44758.8

The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticat...

CVE-2021-35908.8

A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSO...

CVE-2016-37288.8

Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11....