Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman foreman - vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2021-3584
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity a...
Theforeman Foreman
Theforeman Foreman 3.0.0
Redhat Satellite 6.0
409
VMScore
CVE-2021-20259
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabi...
Theforeman Foremanfogproxmox
312
VMScore
CVE-2021-3469
Foreman versions prior to 2.3.4 and prior to 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternativ...
Theforeman Foreman
356
VMScore
CVE-2020-10716
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitiv...
Redhat Satellite Capsule 6.7
Redhat Satellite 6.7
Theforeman Foreman Ansible
320
VMScore
CVE-2021-3457
An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local malicious user to access and delete limited reso...
Theforeman Smart Proxy Shell Hooks
383
VMScore
CVE-2021-3494
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions ...
Theforeman Foreman
578
VMScore
CVE-2021-3413
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions prior to 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data conf...
Theforeman Foreman Azurerm
Redhat Satellite 6.0
445
VMScore
CVE-2014-0091
Foreman has improper input validation which could lead to partial Denial of Service
Theforeman Foreman -
578
VMScore
CVE-2014-8183
It was found that foreman, versions 1.x.x prior to 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
Theforeman Foreman
Redhat Satellite 6.0
356
VMScore
CVE-2019-10198
An authentication bypass vulnerability exists in foreman-tasks prior to 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web ...
Theforeman Foreman-tasks
Redhat Satellite 6.6
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »