VYPR

Foreman

by Theforeman

gem: foreman

Source repositories

CVEs (75)

  • CVE-2017-7505HigMay 26, 2017
    risk 0.57cvss 8.8epss 0.02

    Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope,…

  • CVE-2016-4475HigAug 19, 2016
    risk 0.57cvss 8.8epss 0.03

    The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified…

  • CVE-2016-3728HigMay 20, 2016
    risk 0.57cvss 8.8epss 0.03

    Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.

  • CVE-2015-5246HigOct 6, 2017
    risk 0.53cvss 8.1epss 0.01

    The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.

  • CVE-2015-5152HigJul 17, 2017
    risk 0.53cvss 8.1epss 0.02

    Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.

  • CVE-2024-6861HigNov 6, 2024
    risk 0.49cvss 7.5epss 0.01

    A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.

  • CVE-2016-4996HigJul 17, 2017
    risk 0.46cvss 7.0epss 0.00

    discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading…

  • CVE-2018-1096MedApr 5, 2018
    risk 0.42cvss 6.5epss 0.01

    An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.

  • CVE-2024-8553MedOct 31, 2024
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can…

  • CVE-2016-8634MedAug 1, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page. The result is a stored XSS…

  • CVE-2017-7535MedJul 26, 2018
    risk 0.40cvss 6.1epss 0.01

    foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action.

  • CVE-2017-15100MedNov 27, 2017
    risk 0.40cvss 6.1epss 0.01

    An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics…

  • CVE-2016-6319MedAug 19, 2016
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.

  • CVE-2016-8613MedJul 31, 2018
    risk 0.35cvss 6.4epss 0.02

    A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the…

  • CVE-2014-0208MedOct 16, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.

  • CVE-2016-6320MedAug 19, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form.

  • CVE-2016-5390MedAug 19, 2016
    risk 0.35cvss 5.3epss 0.01

    Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to…

  • CVE-2016-4995MedAug 19, 2016
    risk 0.35cvss 5.3epss 0.01

    Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.

  • CVE-2016-2100MedMay 20, 2016
    risk 0.35cvss 5.4epss 0.01

    Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.

  • CVE-2016-8639MedAug 1, 2018
    risk 0.33cvss 6.1epss 0.01

    It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.

Page 1 of 4