CVE-2017-2667 (hammer_cli_foreman): hammer_cli_foreman Improper Certificate Validation vulnerability

hammer_cli_foreman Improper Certificate Validation vulnerability

Published: May 13, 2022

SECURITY IDENTIFIERS

CVE: CVE-2017-2667 (NVD)
GHSA: GHSA-77h8-xr85-3x5q
Vendor Advisory: https://access.redhat.com/errata/RHSA-2018:0336

GEM

hammer_cli_foreman

SEVERITY

CVSS v3.x: 8.1 (High)

PATCHED VERSIONS

>= 0.10.0

DESCRIPTION

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.

https://bugzilla.redhat.com/show_bug.cgi?id=1436262
http://projects.theforeman.org/issues/19033
http://www.securityfocus.com/bid/97153

RubySec