svn commit: r480422 - head/security/vuxml
Sunpoet Po-Chuan Hsieh
sunpoet at FreeBSD.org
Sat Sep 22 16:50:20 UTC 2018
Author: sunpoet
Date: Sat Sep 22 16:50:19 2018
New Revision: 480422
URL: https://svnweb.freebsd.org/changeset/ports/480422
Log:
Document rubygem-smart_proxy_dynflow vulnerability
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sat Sep 22 16:45:47 2018 (r480421)
+++ head/security/vuxml/vuln.xml Sat Sep 22 16:50:19 2018 (r480422)
@@ -58,6 +58,36 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="2d6de6a8-fb78-4149-aeda-77fc8f140f06">
+ <topic>smart_proxy_dynflow -- authentication bypass vulnerability</topic>
+ <affects>
+ <package>
+ <name>rubygem-smart_proxy_dynflow</name>
+ <range><lt>0.2.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MITRE reports:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14643">
+ <p>An authentication bypass flaw was found in the smart_proxy_dynflow
+ component used by Foreman. A malicious attacker can use this flaw to
+ remotely execute arbitrary commands on machines managed by vulnerable
+ Foreman instances, in a highly privileged context.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14643</url>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14643</url>
+ <cvename>CVE-2018-14643</cvename>
+ </references>
+ <dates>
+ <discovery>2018-09-20</discovery>
+ <entry>2018-09-22</entry>
+ </dates>
+ </vuln>
+
<vuln vid="be1aada2-be6c-11e8-8fc6-000c29434208">
<topic>mediawiki -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-all
mailing list