A vulnerability was found in Theforeman Foreman up to 1.5.0 (Service Management Software). It has been classified as critical. This affects some unknown processing. The manipulation of the argument dst with an unknown input leads to a path traversal vulnerability. CWE is classifying the issue as CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. This is going to have an impact on integrity, and availability. The summary by CVE is:

Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.

The weakness was published 06/20/2014 (Website). The advisory is shared at projects.theforeman.org. This vulnerability is uniquely identified as CVE-2014-4507 since 06/20/2014. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1006 for this issue.

Upgrading to version 1.4.4 eliminates this vulnerability.

Similar entry is available at 70121.

Productinfo

Type

• Service Management Software

Vendor

• Theforeman

Name

• Foreman

Version

• 1.4.0
• 1.4.1
• 1.4.2
• 1.4.3
• 1.4.4
• 1.5.0

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion