FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

foreman-proxy SSL verification issue

Affected packages
foreman-proxy < 1.6.2

Details

VuXML ID c30c3a2e-4fb1-11e4-b275-14dae9d210b8
Discovery 2014-05-09
Entry 2014-10-09

Foreman Security reports:

The smart proxy when running in an SSL-secured mode permits incoming API calls to any endpoint without requiring, or performing any verification of an SSL client certificate. This permits any client with access to the API to make requests and perform actions permitting control of Puppet CA, DHCP, DNS etc.)

[source]

References

CVE Name CVE-2014-3691
URL https://groups.google.com/forum/#!topic/foreman-announce/LcjZx25Bl7U

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.