Domcleal

**Name of the Vulnerable Software and Affected Versions** Foreman versions prior to 1.5.4 Foreman versions 1.6.x prior to 1.6.2 **Description** The issue allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate, due to the failure to validate SSL certificates. **Recommendations** For Foreman versions prior to 1.5.4, update to version 1.5.4 or later. For Foreman versions 1.6.x prior to 1.6.2, update to version 1.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** Augeas versions 1.0.0 through 1.1.0 **Description** The issue is related to the `transform save` function in `transform.c` which does not properly calculate permission values when the umask contains a "7". This causes world-writable permissions to be used for new files, allowing local users to modify the files. The exploitation of this issue can lead to a violation of confidentiality, integrity, and availability of protected information. It can be exploited locally. **Recommendations** For Augeas versions 1.0.0 through 1.1.0, consider updating to a version where the `transform save` function is properly fixed to handle permission values correctly. As a temporary workaround, restrict access to files created by the `transform save` function to minimize the risk of exploitation. Avoid using the `umask` with a value containing "7" in the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.