Eval injection vulnerability in tftpapi.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATHINFO to tftp/.
{
"cpe": [
"cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:theforeman:foreman:1.11.0:rc1:*:*:*:*:*:*",
"cpe:2.3:a:theforeman:foreman:1.11.0:rc2:*:*:*:*:*:*",
"cpe:2.3:a:theforeman:foreman:1.11.0:rc3:*:*:*:*:*:*",
"cpe:2.3:a:theforeman:foreman:1.11.1:*:*:*:*:*:*:*",
"cpe:2.3:a:theforeman:foreman:1.10.3:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "1.11.0"
},
{
"last_affected": "1.11.0"
},
{
"introduced": "1.11.0-rc1"
},
{
"last_affected": "1.11.0-rc1"
},
{
"introduced": "1.11.0-rc2"
},
{
"last_affected": "1.11.0-rc2"
},
{
"introduced": "1.11.0-rc3"
},
{
"last_affected": "1.11.0-rc3"
},
{
"introduced": "1.11.1"
},
{
"last_affected": "1.11.1"
},
{
"introduced": "1.10.3"
},
{
"last_affected": "1.10.3"
}
],
"source": "CPE_STRING"
}{
"cpe": [
"cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:theforeman:foreman:1.11.0:rc1:*:*:*:*:*:*",
"cpe:2.3:a:theforeman:foreman:1.11.0:rc2:*:*:*:*:*:*",
"cpe:2.3:a:theforeman:foreman:1.11.0:rc3:*:*:*:*:*:*",
"cpe:2.3:a:theforeman:foreman:1.11.1:*:*:*:*:*:*:*",
"cpe:2.3:a:theforeman:foreman:1.10.3:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "1.11.0"
},
{
"last_affected": "1.11.0"
},
{
"introduced": "1.11.0-rc1"
},
{
"last_affected": "1.11.0-rc1"
},
{
"introduced": "1.11.0-rc2"
},
{
"last_affected": "1.11.0-rc2"
},
{
"introduced": "1.11.0-rc3"
},
{
"last_affected": "1.11.0-rc3"
},
{
"introduced": "1.11.1"
},
{
"last_affected": "1.11.1"
},
{
"introduced": "1.10.3"
},
{
"last_affected": "1.10.3"
}
],
"source": "CPE_STRING"
}{
"cpe": [
"cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:theforeman:foreman:1.11.0:rc1:*:*:*:*:*:*",
"cpe:2.3:a:theforeman:foreman:1.11.0:rc2:*:*:*:*:*:*",
"cpe:2.3:a:theforeman:foreman:1.11.0:rc3:*:*:*:*:*:*",
"cpe:2.3:a:theforeman:foreman:1.11.1:*:*:*:*:*:*:*",
"cpe:2.3:a:theforeman:foreman:1.10.3:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "1.11.0"
},
{
"last_affected": "1.11.0"
},
{
"introduced": "1.11.0-rc1"
},
{
"last_affected": "1.11.0-rc1"
},
{
"introduced": "1.11.0-rc2"
},
{
"last_affected": "1.11.0-rc2"
},
{
"introduced": "1.11.0-rc3"
},
{
"last_affected": "1.11.0-rc3"
},
{
"introduced": "1.11.1"
},
{
"last_affected": "1.11.1"
},
{
"introduced": "1.10.3"
},
{
"last_affected": "1.10.3"
}
],
"source": [
"CPE_STRING",
"REFERENCES"
]
}