ByteOS Network

NVD Vulnerability Details :

CVE-2013-4182

Deferred

Source-secalert@redhat.com

Published At-16 Sep, 2013 | 19:14

Updated At-11 Apr, 2025 | 00:51

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Red Hat, Inc.

>>openstack>>3.0

cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*

The Foreman

>>foreman>>Versions up to 1.2.1(inclusive)

cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*

The Foreman

>>foreman>>1.2.0

cpe:2.3:a:theforeman:foreman:1.2.0:*:*:*:*:*:*:*

The Foreman

>>foreman>>1.2.0

cpe:2.3:a:theforeman:foreman:1.2.0:rc1:*:*:*:*:*:*

The Foreman

>>foreman>>1.2.0

cpe:2.3:a:theforeman:foreman:1.2.0:rc2:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://projects.theforeman.org/issues/2863	secalert@redhat.com	Patch
http://rhn.redhat.com/errata/RHSA-2013-1196.html	secalert@redhat.com	N/A
http://theforeman.org/manuals/1.2/index.html#Releasenotesfor1.2.2	secalert@redhat.com	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=990374	secalert@redhat.com	N/A
http://projects.theforeman.org/issues/2863	af854a3a-2127-422b-91ae-364da2661108	Patch
http://rhn.redhat.com/errata/RHSA-2013-1196.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://theforeman.org/manuals/1.2/index.html#Releasenotesfor1.2.2	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=990374	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History