High severity 8.1 · NVD Advisory · Published Mar 12, 2018 · Updated Jun 17, 2026
CVE-2017-2667
Description
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings, which disables it by default. As a result, server certificates are not checked and connections are prone to man-in-the-middle attacks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| hammer_cli_foreman (RubyGems) | < 0.10.0 | 0.10.0 |
Affected products
- Foreman/Hammer CLI · v5 · Range: 0.10.0
References
- projects.theforeman.org/issues/19033 · nvd · Issue Tracking, Vendor Advisory · WEB
- www.securityfocus.com/bid/97153 · nvd · Broken Link, Third Party Advisory, VDB Entry · WEB
- access.redhat.com/errata/RHSA-2018:0336 · nvd · Third Party Advisory · WEB
- github.com/advisories/GHSA-77h8-xr85-3x5q · ghsa · ADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-2667 · ghsa · ADVISORY
- bugzilla.redhat.com/show_bug.cgi · nvd · Issue Tracking · WEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/hammer_cli_foreman/CVE-2017-2667.yml · ghsa · WEB
- web.archive.org/web/20200227181720/http://www.securityfocus.com/bid/97153 · ghsa · WEB