VYPR

Vendor CVEs

Theforeman

All CVEs

98 total · sorted by risk
  • CVE-2021-20290Mar 25, 2022
    risk 0.00cvss epss 0.00

    An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources…

  • CVE-2021-3589Mar 23, 2022
    risk 0.00cvss epss 0.01

    An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system…

  • CVE-2021-3584Dec 23, 2021
    risk 0.00cvss epss 0.04

    A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity…

  • CVE-2021-20259Jun 7, 2021
    risk 0.00cvss epss 0.00

    A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system…

  • CVE-2021-3469Jun 3, 2021
    risk 0.00cvss epss 0.00

    Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternative…

  • CVE-2021-3457May 12, 2021
    risk 0.00cvss epss 0.00

    An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources…

  • CVE-2021-3494Apr 26, 2021
    risk 0.00cvss epss 0.00

    A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions…

  • CVE-2014-3590Jan 2, 2020
    risk 0.00cvss epss 0.01

    Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.

  • CVE-2014-0183Jan 2, 2020
    risk 0.00cvss epss 0.01

    Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering.

  • CVE-2014-0091Dec 11, 2019
    risk 0.00cvss epss 0.02

    Foreman has improper input validation which could lead to partial Denial of Service

  • CVE-2013-4120Dec 10, 2019
    risk 0.00cvss epss 0.01

    Katello has a Denial of Service vulnerability in API OAuth authentication

  • CVE-2013-0283Dec 5, 2019
    risk 0.00cvss epss 0.01

    Katello: Username in Notification page has cross site scripting

  • CVE-2013-2101Dec 3, 2019
    risk 0.00cvss epss 0.01

    Katello has multiple XSS issues in various entities

  • CVE-2014-8183Aug 1, 2019
    risk 0.00cvss epss 0.01

    It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.

  • CVE-2019-10198Jul 31, 2019
    risk 0.00cvss epss 0.02

    An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through…

  • CVE-2019-3893Apr 9, 2019
    risk 0.00cvss epss 0.02

    In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this…

  • CVE-2018-14623Dec 13, 2018
    risk 0.00cvss epss 0.01

    A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version…

  • CVE-2018-16861Dec 7, 2018
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code…

  • CVE-2018-14664Oct 12, 2018
    risk 0.00cvss epss 0.01

    A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be…

  • CVE-2018-1097HigApr 4, 2018
    risk 0.00cvss 8.8epss 0.02

    A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.

  • CVE-2015-7518Dec 17, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit…

  • CVE-2015-3235Aug 14, 2015
    risk 0.00cvss epss 0.02

    Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.

  • CVE-2015-3155Aug 14, 2015
    risk 0.00cvss epss 0.02

    Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

  • CVE-2015-1844Aug 14, 2015
    risk 0.00cvss epss 0.02

    Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API.

  • CVE-2015-1816Aug 14, 2015
    risk 0.00cvss epss 0.01

    Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate.

  • CVE-2014-3653Jul 6, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.

  • CVE-2014-3691Mar 9, 2015
    risk 0.00cvss epss 0.02

    Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.

  • CVE-2014-3712Nov 3, 2014
    risk 0.00cvss epss 0.02

    Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is…

  • CVE-2014-3492Jul 1, 2014
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 allow remote attackers to inject arbitrary web script or HTML via a parameter (1) name or (2) value related to the host.

  • CVE-2014-3491Jul 1, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page, related to create, update, and destroy notification boxes.

  • CVE-2014-4507Jun 20, 2014
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.

  • CVE-2013-4455May 14, 2014
    risk 0.00cvss epss 0.00

    Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.

  • CVE-2014-0192May 8, 2014
    risk 0.00cvss epss 0.02

    Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof."

  • CVE-2014-0135May 8, 2014
    risk 0.00cvss epss 0.00

    Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.

  • CVE-2014-0090May 8, 2014
    risk 0.00cvss epss 0.01

    Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.

  • CVE-2013-0210May 8, 2014
    risk 0.00cvss epss 0.02

    The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands.

  • CVE-2013-0187May 8, 2014
    risk 0.00cvss epss 0.01

    Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.

  • CVE-2013-0174May 8, 2014
    risk 0.00cvss epss 0.02

    The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request.

  • CVE-2013-0173May 8, 2014
    risk 0.00cvss epss 0.01

    Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack.

  • CVE-2013-0171May 8, 2014
    risk 0.00cvss epss 0.03

    Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API.

  • CVE-2012-5477May 8, 2014
    risk 0.00cvss epss 0.00

    The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.

  • CVE-2012-5648Apr 4, 2014
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.

  • CVE-2014-0089Mar 27, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.

  • CVE-2013-4386Nov 20, 2013
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.

  • CVE-2013-4182Sep 16, 2013
    risk 0.00cvss epss 0.02

    app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.

  • CVE-2013-4180Sep 16, 2013
    risk 0.00cvss epss 0.02

    The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.

  • CVE-2012-6116Mar 1, 2013
    risk 0.00cvss epss 0.00

    modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.

  • CVE-2012-5561Mar 1, 2013
    risk 0.00cvss epss 0.00

    script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.

Page 2 of 2