Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover or guess the UUID of the task.
CVSS Information
N/A
Vulnerability Type
CWE-592
Vulnerability Title
foreman-tasks 授权问题漏洞
Vulnerability Description
Foreman是一套用于物理和虚拟服务器中的生命周期管理工具。该工具提供服务开通、配置管理以及报告状态等功能。foreman-tasks是其中的一个任务管理引擎和插件。 foreman-tasks 0.15.7之前版本中存在授权绕过漏洞。攻击者可利用该漏洞绕过安全限制并获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A