PT-2014-3527 · Foreman · Foreman

Published: 2014-05-08 · Updated: 2023-02-13 · CVE-2014-0192

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Foreman versions 1.4.0 through 1.4.x

Description

The issue allows remote attackers to obtain sensitive information via the hostname parameter. This is related to spoofing, where access to provisioning template previews is not properly restricted.

Recommendations

For Foreman versions 1.4.0 through 1.4.x, update to version 1.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the provisioning template previews to minimize the risk of exploitation. Avoid using the hostname parameter in sensitive operations until the issue is resolved.

Related Identifiers

CVE-2014-0192

Affected Products

Foreman