CVE-2013-0171

high
Published 2014-05-08 · Modified 2026-05-06
CVSS v3
CVSS v2
7.5
VIR risk
7.5

Description

Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://theforeman.org/security.html

Application impact

Vendor | Product | Versions | Fixed
theforeman | foreman | {"endIncluding":"1.0"} |

References

CWEs

CWE-94
