An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover or guess the UUID of the task.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NRed Hat Satellite
APPRedhat6.6Theforeman Foreman Tasks
APPTheforeman< 0.15.7
Related vulnerabilities
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows re...
Authentication bypass w Pulpcore/Red Hat Satellite przez nagłówek HTTP
Authentication Bypass w Foreman/Red Hat Satellite via zniekształcony nagłówek HTTP
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in t...