CVE-2015-5152

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt