CVE-2014-3691

Published: Mar 9, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.

Affected (5)

Products: Redhat: Openstack · Theforeman: Foreman

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 4.0
Redhat Openstack	Version 5.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Theforeman Foreman	Up to 1.5.3
Theforeman Foreman	Version 1.6.0
Theforeman Foreman	Version 1.6.1

Related CWEs

References (10)

http://projects.theforeman.org/issues/7822

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-0287.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0288.html

Source: secalert@redhat.com

Third Party Advisory

https://github.com/theforeman/smart-proxy/pull/217

Source: secalert@redhat.com

Issue TrackingPatch

https://groups.google.com/forum/#%21topic/foreman-announce/jXC5ixybjqo

Source: secalert@redhat.com

http://projects.theforeman.org/issues/7822

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-0287.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0288.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/theforeman/smart-proxy/pull/217

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://groups.google.com/forum/#%21topic/foreman-announce/jXC5ixybjqo

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.