CVE-2018-14643 - An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A mali

CVE-2018-14643

Summary

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context.

References

https://github.com/theforeman/smart_proxy_dynflow/pull/54
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14643
https://access.redhat.com/errata/RHSA-2018:2733
http://www.securityfocus.com/bid/105375

Vulnerable Configurations

cpe:2.3:a:theforeman:foreman:-:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:-:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 12-02-2023 - 23:32)
Impact:
Exploitability:

CWE

CWE-592

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

redhat via4

advisories

rhsa

id	RHSA-2018:2733

rpms

rubygem-smart_proxy_dynflow-0:0.1.10.2-1.el7sat

refmap via4

bid	105375
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14643 https://github.com/theforeman/smart_proxy_dynflow/pull/54

Last major update

12-02-2023 - 23:32

Published

21-09-2018 - 13:29

Last modified

12-02-2023 - 23:32