Description
Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.
References (3)
Core References
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=1072151
Issue Tracking (x_refsource_confirm): http://projects.theforeman.org/issues/4457
Vendor Advisory (x_refsource_confirm): http://theforeman.org/security.html
Scores
EPSS: 0.0138
EPSS Percentile: 68.7%
Details
CWE: CWE-287
Status: published
Products (8)
theforeman/foreman: 1.0
theforeman/foreman: 1.1
theforeman/foreman: 1.2.0 (3 CPE variants)
theforeman/foreman: 1.2.1
theforeman/foreman: 1.2.2
theforeman/foreman: 1.2.3
theforeman/foreman: 1.4.0
theforeman/foreman: < 1.4.1
Published: May 08, 2014
Tracked Since: Feb 18, 2026