PT-2021-20784 · Foreman, Alt Linux

Evgeni Golov +1

Published 2021-04-26 · Updated 2024-07-27

CVE-2021-3494

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 2.5.0
Description: A flaw in the Foreman smart proxy, which exposes a RESTful API to various sub-systems, makes it vulnerable to a Man-in-the-Middle attack. The FreeIPA module of the smart proxy does not verify the SSL/TLS certificate of the FreeIPA server it connects to, so an unauthenticated attacker on the network path can impersonate the FreeIPA server and, if certain conditions are met, perform actions in FreeIPA. The highest threat from this flaw is to system confidentiality.
Recommendations: For versions prior to 2.5.0, update to version 2.5.0 or later, which resolves the issue. As a temporary workaround, restrict access to the FreeIPA module of the Foreman smart proxy and avoid using the smart proxy's RESTful API for sensitive operations until the update is applied. Note that these workarounds only reduce exposure; they do not restore certificate verification, so the update remains the only real fix.
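The following Ruby script is an added illustration of the flaw class described above; it is not code from Foreman or the smart proxy and does not reproduce the FreeIPA module. It generates two CAs on the fly (one standing in for the FreeIPA CA, one for an attacker), starts a loopback HTTPS server that answers like a JSON API, and issues the same request twice: once with the vulnerable pattern (verify_mode VERIFY_NONE, which accepts the attacker's certificate) and once with the hardened pattern (VERIFY_PEER against the expected CA, which rejects the impostor and accepts the genuine server). The helper names, the certificate subjects and the /ipa/json path are assumptions for the demo.

```ruby
require 'openssl'
require 'socket'
require 'net/http'

# Builds a self-signed CA or a leaf certificate signed by the given [cert, key] CA pair.
# All key material is generated on the fly for this demo and is not real.
def make_cert(subject, issuer: nil, ca: false)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = rand(1..2**62)
  cert.subject    = OpenSSL::X509::Name.parse(subject)
  cert.issuer     = issuer ? issuer[0].subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = issuer ? issuer[0] : cert
  if ca
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
    cert.add_extension(ef.create_extension('keyUsage', 'keyCertSign', true))
  else
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:FALSE', true))
    cert.add_extension(ef.create_extension('subjectAltName', 'DNS:localhost,IP:127.0.0.1'))
  end
  cert.sign(issuer ? issuer[1] : key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

Server = Struct.new(:port, :socket, :thread) do
  def stop
    thread.kill
    socket.close
  end
end

# Minimal HTTPS endpoint standing in for a FreeIPA JSON API (constructed for the demo).
# It answers every request with 200, so the only thing under test is the TLS handshake.
def start_tls_server(cert, key)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert = cert
  ctx.key  = key
  tcp = TCPServer.new('127.0.0.1', 0)
  ssl = OpenSSL::SSL::SSLServer.new(tcp, ctx)
  thread = Thread.new do
    loop do
      begin
        conn = ssl.accept
        while (line = conn.gets) && line != "\r\n"; end # discard request headers
        body = '{"result":{"principal":"host/client.example.test"}}'
        conn.write("HTTP/1.1 200 OK\r\nContent-Length: #{body.bytesize}\r\nConnection: close\r\n\r\n#{body}")
        conn.close
      rescue IOError, Errno::EBADF
        break # server was stopped
      rescue StandardError
        next  # client aborted the handshake, e.g. because verification failed
      end
    end
  end
  Server.new(tcp.addr[1], ssl, thread)
end

# Vulnerable pattern: verification disabled, so a certificate from any issuer is accepted.
def fetch_insecure(port)
  Net::HTTP.start('127.0.0.1', port, use_ssl: true,
                  verify_mode: OpenSSL::SSL::VERIFY_NONE) do |http|
    http.get('/ipa/json').code
  end
end

# Hardened pattern: require a chain to the CA we expect FreeIPA to use; Net::HTTP
# additionally checks the certificate identity (SAN) under VERIFY_PEER.
def fetch_verified(port, ca_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  Net::HTTP.start('127.0.0.1', port, use_ssl: true,
                  verify_mode: OpenSSL::SSL::VERIFY_PEER, cert_store: store) do |http|
    http.get('/ipa/json').code
  end
end

# Runs both clients against an impostor and against the genuine server.
def run_demo
  ipa_ca  = make_cert('/CN=IPA Demo CA', ca: true)
  ipa     = make_cert('/CN=ipa.example.test', issuer: ipa_ca)
  evil_ca = make_cert('/CN=Attacker CA', ca: true)
  evil    = make_cert('/CN=ipa.example.test', issuer: evil_ca)
  results = {}

  impostor = start_tls_server(*evil) # attacker sitting on the path to FreeIPA
  results[:insecure_vs_impostor] = fetch_insecure(impostor.port)
  results[:verified_vs_impostor] = begin
    fetch_verified(impostor.port, ipa_ca[0])
  rescue OpenSSL::SSL::SSLError
    :rejected
  end
  impostor.stop

  genuine = start_tls_server(*ipa) # the real FreeIPA server
  results[:verified_vs_genuine] = fetch_verified(genuine.port, ipa_ca[0])
  genuine.stop
  results
end

p run_demo if $PROGRAM_NAME == __FILE__
```

The insecure client returns "200" from the impostor, which is exactly the condition the advisory describes: the proxy would go on to send its FreeIPA credentials and requests to whoever answered. The verified client raises OpenSSL::SSL::SSLError for the impostor and only succeeds against the server whose chain ends at the pinned CA. In a real deployment the CA bundle passed as cert_store would be the FreeIPA CA, not a generated one.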

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

ALT-PU-2021-2597
ALT-PU-2023-4281
ALT-PU-2024-7828
CVE-2021-3494
RHSA-2021:4702

Affected Products

Alt Linux
Foreman