Theforeman: >> Foreman >> 1.1-1 Security Vulnerabilities
Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.
CVSS Score
8.1
EPSS Score
0.002
Published
2017-07-17