VIR Vulnerability Intelligence Relay

CVE-2012-5477

low
Published 2014-05-08 · Modified 2026-05-06
CVSS v3
CVSS v2
3.6
VIR risk
3.6

Description

The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://theforeman.org/security.html

Application impact
VendorProductVersionsFixed
theforemanforeman{"endIncluding":"1.0"}

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.