FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

foreman-proxy SSL verification issue

Affected packages
foreman-proxy < 1.6.2


VuXML ID c30c3a2e-4fb1-11e4-b275-14dae9d210b8
Discovery 2014-05-09
Entry 2014-10-09

Foreman Security reports:

The smart proxy when running in an SSL-secured mode permits incoming API calls to any endpoint without requiring, or performing any verification of an SSL client certificate. This permits any client with access to the API to make requests and perform actions permitting control of Puppet CA, DHCP, DNS etc.)


CVE Name CVE-2014-3691