Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse
Vulnerability Description
A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
The Foreman foreman-mcp-server 授权问题漏洞
Vulnerability Description
The Foreman foreman-mcp-server是The Foreman组织的一个连接Foreman基础设施管理平台的MCP服务器。 The Foreman foreman-mcp-server存在授权问题漏洞,该漏洞源于会话管理问题,未经验证的攻击者可能劫持活动管理会话,导致权限提升和基础设施范围内的代码执行。
CVSS Information
N/A
Vulnerability Type
N/A