CVE-2021-3494

Summary

A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0.

Affected Software

VendorProductVersion RangeStatus
n/aforemanforeman 2.5.0affected

Weaknesses

  • CWE-319: CWE-319

ADP Enrichment

CVE Program Container

Additional References

References