Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman foreman vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2016-2100
Foreman prior to 1.10.3 and 1.11.0 prior to 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.
Theforeman Foreman
Theforeman Foreman 1.11.0
4.8
CVSSv3
CVE-2018-16861
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code e...
Theforeman Foreman
Theforeman Foreman 1.20.0
NA
CVE-2014-0089
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x prior to 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.0
NA
CVE-2013-2121
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman prior to 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
Theforeman Foreman
Redhat Openstack 3.0
Theforeman Foreman 1.1
1 EDB exploit
NA
CVE-2013-2113
The create method in app/controllers/users_controller.rb in Foreman prior to 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
Theforeman Foreman
Redhat Openstack 3.0
Theforeman Foreman 1.1
1 EDB exploit
7.2
CVSSv3
CVE-2021-3584
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity a...
Theforeman Foreman
Theforeman Foreman 3.0.0
Redhat Satellite 6.0
5.4
CVSSv3
CVE-2021-3469
Foreman versions prior to 2.3.4 and prior to 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternativ...
Theforeman Foreman
5.4
CVSSv3
CVE-2014-3531
Multiple cross-site scripting (XSS) vulnerabilities in Foreman prior to 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description.
Theforeman Foreman
NA
CVE-2012-5477
The smart proxy in Foreman prior to 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.
Theforeman Foreman
7.8
CVSSv3
CVE-2021-20260
A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Theforeman Foreman
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »