Red Hat Security Advisory 2013-1196-01 - The Foreman packages provide facilities for rapidly deploying Red Hat OpenStack 3.0. These packages are provided as a Technology Preview. For more information on the scope and nature of support for items marked as Technology Preview, refer to https://access.redhat.com/support/offerings/techpreview/ A flaw was found in the API where insufficient privilege checks were conducted by the hosts controller, allowing any user with API access to control any host. A denial of service flaw was found in Foreman in the way user input was converted to a symbol. An authenticated user could create inputs that would lead to excessive memory consumption.
ace03ac6c822c32d10672878283f671d20296faf2b7ffc77cdcc5a707e3a197a