Keqin Hong

Researcher fromRed Hat HSS Pen-Test Team
#21569of 53,635
11.1Total CVSS
Vulnerabilities · 2
Medium
2
PT-2014-3474
6.8
2014-05-08
Foreman · Foreman · CVE-2014-0090
**Name of the Vulnerable Software and Affected Versions** Foreman versions prior to 1.4.2 **Description** The issue allows remote attackers to hijack web sessions. This is achieved via the session id cookie. **Recommendations** For versions prior to 1.4.2, update to version 1.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and sessions to minimize the risk of exploitation.
PT-2014-3473
4.3
2014-03-27
Foreman · Foreman · CVE-2014-0089
**Name of the Vulnerable Software and Affected Versions** Foreman versions 1.4.x through 1.4.1 **Description** A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark. **Recommendations** For Foreman versions 1.4.x through 1.4.1, update to version 1.4.2 to resolve the issue.