Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
foreman vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2013-0187
Foreman prior to 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.
Theforeman Foreman
NA
CVE-2021-20260
A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Theforeman Foreman
NA
CVE-2020-10710
A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password.
Theforeman Foreman
3.5
CVSSv2
CVE-2021-3469
Foreman versions prior to 2.3.4 and prior to 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternativ...
Theforeman Foreman
4.3
CVSSv2
CVE-2017-7535
foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action.
Theforeman Foreman
7.5
CVSSv2
CVE-2013-0171
Foreman prior to 1.1 allows remote malicious users to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API.
Theforeman Foreman
5
CVSSv2
CVE-2013-0173
Foreman prior to 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for malicious users to guess the password via a brute force attack.
Theforeman Foreman
5
CVSSv2
CVE-2013-0174
The external node classifier (ENC) API in Foreman prior to 1.1 allows remote malicious users to obtain the hashed root password via an API request.
Theforeman Foreman
4
CVSSv2
CVE-2016-7077
foreman prior to 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.
Theforeman Foreman
3.5
CVSSv2
CVE-2014-3531
Multiple cross-site scripting (XSS) vulnerabilities in Foreman prior to 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description.
Theforeman Foreman
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »