Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman foreman - vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2022-3874
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underly...
Redhat Satellite 6.0
Theforeman Foreman -
9.1
CVSSv3
CVE-2023-0462
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.
Theforeman Foreman
Redhat Satellite
9.1
CVSSv3
CVE-2023-0118
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
Theforeman Foreman
Redhat Satellite
8.8
CVSSv3
CVE-2021-3590
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Theforeman Foreman
Redhat Satellite 6.0
8.8
CVSSv3
CVE-2016-9593
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.
Theforeman Foreman
Redhat Satellite 6.0
8.8
CVSSv3
CVE-2018-1097
A flaw was found in foreman prior to 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.
Theforeman Foreman
Redhat Satellite 6.4
8.8
CVSSv3
CVE-2017-7505
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such...
Theforeman Foreman 1.12.3
Theforeman Foreman 1.13.0
Theforeman Foreman 1.12.4
Theforeman Foreman 1.9.2
Theforeman Foreman 1.10.0
Theforeman Foreman 1.9.3
Theforeman Foreman 1.12.0
Theforeman Foreman 1.11.3
Theforeman Foreman 1.9.0
Theforeman Foreman 1.8.3
Theforeman Foreman 1.9.1
Theforeman Foreman 1.8.4
Theforeman Foreman 1.5.0
Theforeman Foreman 1.5.1
Theforeman Foreman 1.12.1
Theforeman Foreman 1.12.2
Theforeman Foreman 1.13.2
Theforeman Foreman 1.13.3
Theforeman Foreman 1.14.3
Theforeman Foreman 1.15.0
Theforeman Foreman 1.10.1
Theforeman Foreman 1.11.1
8.1
CVSSv3
CVE-2017-2667
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.
Theforeman Hammer Cli
Redhat Satellite 6.3
Redhat Satellite Capsule 6.3
8.1
CVSSv3
CVE-2015-5246
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.
Theforeman Foreman 1.9.0
8.1
CVSSv3
CVE-2015-5152
Foreman after 1.1 and prior to 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote malicious users to obtain user credentials via a man-in-the-middle attack.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.3.0
Theforeman Foreman 1.4.3
Theforeman Foreman 1.2.2
Theforeman Foreman 1.4.0
Theforeman Foreman 1.2.1
Theforeman Foreman 1.8.0
Theforeman Foreman 1.7.4
Theforeman Foreman 1.7.5
Theforeman Foreman 1.7.0
Theforeman Foreman 1.4.2
Theforeman Foreman 1.8.1
Theforeman Foreman 1.5.0
Theforeman Foreman 1.2.0
Theforeman Foreman 1.5.2
Theforeman Foreman 1.5.3
Theforeman Foreman 1.2.3
Theforeman Foreman 1.1-1
Theforeman Foreman 1.6.0
Theforeman Foreman 1.8.3
Theforeman Foreman 1.7.1
Theforeman Foreman 1.5.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »