CVE-2017-2667 (hammer_cli_foreman): hammer_cli_foreman Improper Certificate Validation vulnerability

ADVISORIES

CVE-2017-2667 (NVD)
GHSA-77h8-xr85-3x5q
Vendor Advisory

GEM

hammer_cli_foreman

SEVERITY

CVSS v3.x: 8.1 (High)

PATCHED VERSIONS

>= 0.10.0

DESCRIPTION

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.

https://bugzilla.redhat.com/show_bug.cgi?id=1436262
http://projects.theforeman.org/issues/19033
http://www.securityfocus.com/bid/97153

RubySec

CVE-2017-2667 (hammer_cli_foreman): hammer_cli_foreman Improper Certificate Validation vulnerability

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories