GHSA-f274-c23v-hx4jMediumCVSS 4.4

A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and...

Published
June 30, 2026
Last Modified
June 30, 2026

🔗 CVE IDs covered (1)

📋 Description

A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component.

🔗 References (4)