Foreman · Foreman · CVE-2013-4182
**Name of the Vulnerable Software and Affected Versions**
Foreman versions prior to 1.2.2
**Description**
The issue is related to improper access restriction to hosts in the Foreman application. This allows remote attackers to access arbitrary hosts via an API request to the `/api/v1/hosts` endpoint, which is handled by the `hosts controller.rb` file in `app/controllers/api/v1/`.
**Recommendations**
For versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/api/v1/hosts` API endpoint until the update is applied.