VYPR
Vendor

Theforeman

Products
14
CVEs
98
Across products
107
Status
Private

Products

14

Recent CVEs

98
View all 98 CVEs →
  • CVE-2017-7505HigMay 26, 2017
    risk 0.57cvss 8.8epss 0.02

    Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope,…

  • CVE-2016-4475HigAug 19, 2016
    risk 0.57cvss 8.8epss 0.03

    The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified…

  • CVE-2016-3728HigMay 20, 2016
    risk 0.57cvss 8.8epss 0.03

    Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.

  • CVE-2012-3503CriAug 25, 2012
    risk 0.57cvss 9.8epss 0.03

    The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web…

  • CVE-2015-5246HigOct 6, 2017
    risk 0.53cvss 8.1epss 0.01

    The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.

  • CVE-2015-5152HigJul 17, 2017
    risk 0.53cvss 8.1epss 0.02

    Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.

  • CVE-2016-3072HigJun 7, 2016
    risk 0.50cvss 8.8epss 0.02

    Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.

  • CVE-2024-6861HigNov 6, 2024
    risk 0.49cvss 7.5epss 0.01

    A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.

  • CVE-2016-4996HigJul 17, 2017
    risk 0.46cvss 7.0epss 0.00

    discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading…

  • CVE-2017-2672MedJun 21, 2018
    risk 0.42cvss 6.5epss 0.01

    A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems.

  • CVE-2018-1096MedApr 5, 2018
    risk 0.42cvss 6.5epss 0.01

    An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.

  • CVE-2024-8553MedOct 31, 2024
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can…

  • CVE-2016-8634MedAug 1, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page. The result is a stored XSS…

  • CVE-2016-9595HigJul 27, 2018
    risk 0.40cvss 7.3epss 0.00

    A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

  • CVE-2017-7535MedJul 26, 2018
    risk 0.40cvss 6.1epss 0.01

    foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action.

  • CVE-2017-15100MedNov 27, 2017
    risk 0.40cvss 6.1epss 0.01

    An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics…

  • CVE-2016-6319MedAug 19, 2016
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.

  • CVE-2016-8613MedJul 31, 2018
    risk 0.35cvss 6.4epss 0.02

    A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the…

  • CVE-2014-0208MedOct 16, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.

  • CVE-2016-6320MedAug 19, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form.