First published: Fri Sep 14 2018
An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Theforeman Foreman | | |
CVE-2018-14643 is an authentication bypass flaw in the smart_proxy_dynflow component used by Foreman, which allows remote execution of arbitrary commands on vulnerable Foreman instances.
The severity of CVE-2018-14643 is critical with a CVSS score of 9.8.
CVE-2018-14643 affects smart_proxy_dynflow versions earlier than 0.1.11 and version 0.2.0, as well as Theforeman Foreman.
To fix CVE-2018-14643, upgrade smart_proxy_dynflow to version 0.1.11 or 0.2.1, or apply the relevant patch provided by the vendor.
You can find more information about CVE-2018-14643 in the NVD, GitHub, and Red Hat Security Advisories.