CVE-2014-0090

Published: May 8, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.

Affected (10)

Products: Theforeman: Foreman

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Theforeman Foreman	Up to 1.4.1
Theforeman Foreman	Version 1.0
Theforeman Foreman	Version 1.1
Theforeman Foreman	Version 1.2.0
Theforeman Foreman	Version 1.2.0 rc1
Theforeman Foreman	Version 1.2.0 rc2
Theforeman Foreman	Version 1.2.1
Theforeman Foreman	Version 1.2.2
Theforeman Foreman	Version 1.2.3
Theforeman Foreman	Version 1.4.0

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

http://projects.theforeman.org/issues/4457

Source: secalert@redhat.com

http://theforeman.org/security.html

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1072151

Source: secalert@redhat.com

http://projects.theforeman.org/issues/4457

Source: af854a3a-2127-422b-91ae-364da2661108

http://theforeman.org/security.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1072151

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.