Red Hat Bugzilla – Bug 1092354
CVE-2014-0192 Foreman: provisioning templates are world accessible
Last modified: 2016-04-26 11:22:43 EDT
Ohad Levy of Red Hat reports:
since 1e0fd283 it is possible to override spoof by providing a hostname parameters.
this would allow to retrieve any template of any host bypassing authentication.
http://theforeman.org/security.html updated with statement.