Total
64 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0007 | 1 Theforeman | 1 Foreman | 2023-02-12 | 7.5 HIGH | N/A |
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file. | |||||
CVE-2013-4386 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2023-02-12 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter. | |||||
CVE-2018-14643 | 1 Theforeman | 1 Foreman | 2023-02-12 | 10.0 HIGH | 9.8 CRITICAL |
An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context. | |||||
CVE-2017-15100 | 1 Theforeman | 1 Foreman | 2023-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page. | |||||
CVE-2016-8634 | 1 Theforeman | 1 Foreman | 2023-02-12 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page. The result is a stored XSS attack if an organization/location with HTML in the name is created, then a user is linked directly to this URL. | |||||
CVE-2016-8613 | 1 Theforeman | 1 Foreman | 2023-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability. | |||||
CVE-2016-4995 | 1 Theforeman | 1 Foreman | 2023-02-12 | 3.5 LOW | 5.3 MEDIUM |
Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname. | |||||
CVE-2016-4475 | 1 Theforeman | 1 Foreman | 2023-02-12 | 6.5 MEDIUM | 8.8 HIGH |
The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors. | |||||
CVE-2016-4451 | 1 Theforeman | 1 Foreman | 2023-02-12 | 6.0 MEDIUM | 5.0 MEDIUM |
The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization. | |||||
CVE-2016-3728 | 1 Theforeman | 1 Foreman | 2023-02-12 | 6.8 MEDIUM | 8.8 HIGH |
Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/. | |||||
CVE-2015-7518 | 1 Theforeman | 1 Foreman | 2023-02-12 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms. | |||||
CVE-2020-10710 | 1 Theforeman | 1 Foreman | 2022-12-07 | N/A | 4.4 MEDIUM |
A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password. | |||||
CVE-2019-3893 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2022-11-30 | 4.0 MEDIUM | 4.9 MEDIUM |
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable. | |||||
CVE-2021-20260 | 1 Theforeman | 1 Foreman | 2022-09-01 | N/A | 7.8 HIGH |
A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-3590 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2022-08-26 | N/A | 8.8 HIGH |
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-3584 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2022-01-05 | 9.0 HIGH | 7.2 HIGH |
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0. | |||||
CVE-2021-3469 | 1 Theforeman | 1 Foreman | 2021-06-10 | 3.5 LOW | 5.4 MEDIUM |
Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternative names (SANs). Foreman do not enable SANs by default and `allow-authorization-extensions` is set to `false` unless user change `/etc/puppetlabs/puppetserver/conf.d/ca.conf` configuration explicitly. | |||||
CVE-2021-3494 | 1 Theforeman | 1 Foreman | 2021-05-04 | 4.3 MEDIUM | 5.9 MEDIUM |
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0. | |||||
CVE-2018-1096 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database. | |||||
CVE-2017-7505 | 1 Theforeman | 1 Foreman | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords. |