Vulmon
theforeman foreman - vulnerabilities and exploits
578
VMScore
CVE-2016-2100
Foreman prior to 1.10.3 and 1.11.0 prior to 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.
Theforeman Foreman
Theforeman Foreman 1.11.0
312
VMScore
CVE-2018-16861
A cross-site scripting (XSS) flaw was found in the foreman component of Satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute XSS attacks against other users, possibly leading to malicious code e...
Theforeman Foreman
Theforeman Foreman 1.20.0
383
VMScore
CVE-2014-0089
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x prior to 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.0
605
VMScore
CVE-2013-2113
The create method in app/controllers/users_controller.rb in Foreman prior to 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
Theforeman Foreman
Redhat Openstack 3.0
Theforeman Foreman 1.1
1 EDB exploit
605
VMScore
CVE-2013-2121
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman prior to 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
Theforeman Foreman
Redhat Openstack 3.0
Theforeman Foreman 1.1
1 EDB exploit
801
VMScore
CVE-2021-3584
A server-side remote code execution vulnerability was found in the Foreman project. An authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity a...
Theforeman Foreman
Theforeman Foreman 3.0.0
Redhat Satellite 6.0
NA
CVE-2021-20260
A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Theforeman Foreman
445
VMScore
CVE-2014-0091
Foreman has improper input validation, which could lead to a partial denial of service.
Theforeman Foreman -
356
VMScore
CVE-2016-7077
Foreman prior to 1.14.0 is vulnerable to an information leak. It was found that the Foreman form helper does not authorize options for associated objects. An unauthorized user can see the names of such objects if their count is less than 6.
Theforeman Foreman
312
VMScore
CVE-2021-3469
Foreman versions prior to 2.3.4 and prior to 2.4.0 are affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if the product enables the Puppet Certificate authority (CA) to sign certificate requests that have subject alternativ...
Theforeman Foreman