Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman foreman - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-3874
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underly...
Redhat Satellite 6.0
Theforeman Foreman -
4
CVSSv2
CVE-2016-9593
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.
Theforeman Foreman
Redhat Satellite 6.0
6.5
CVSSv2
CVE-2021-3589
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system avai...
Theforeman Foreman Ansible
Redhat Satellite 6.0
4
CVSSv2
CVE-2019-10198
An authentication bypass vulnerability exists in foreman-tasks prior to 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web ...
Theforeman Foreman-tasks
Redhat Satellite 6.6
3.5
CVSSv2
CVE-2016-8639
It was found that foreman prior to 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.
Theforeman Foreman
Redhat Satellite 6.3
Redhat Satellite Capsule 6.3
4
CVSSv2
CVE-2020-10716
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitiv...
Redhat Satellite Capsule 6.7
Redhat Satellite 6.7
Theforeman Foreman Ansible
1.9
CVSSv2
CVE-2014-0135
Kafo prior to 0.3.17 and 0.4.x prior to 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.
Theforeman Kafo 0.5.1
Theforeman Kafo 0.3.11
Theforeman Kafo 0.3.9
Theforeman Kafo 0.3.4
Theforeman Kafo 0.3.2
Theforeman Kafo 0.0.17
Theforeman Kafo 0.0.15
Theforeman Kafo 0.0.8
Theforeman Kafo 0.0.6
Theforeman Kafo 0.0.1
Theforeman Kafo
Theforeman Kafo 0.3.15
Theforeman Kafo 0.3.14
Theforeman Kafo 0.3.13
Theforeman Kafo 0.3.0
Theforeman Kafo 0.2.2
Theforeman Kafo 0.2.1
Theforeman Kafo 0.2.0
Theforeman Kafo 0.1.0
Theforeman Kafo 0.0.5
Theforeman Kafo 0.0.4
Theforeman Kafo 0.0.3
3.6
CVSSv2
CVE-2021-20290
An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local malicious user to access and delete limited resour...
Theforeman Openscap
3.6
CVSSv2
CVE-2021-3456
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local malicious user to access and delete limited resources ...
Theforeman Smart Proxy Salt
4.6
CVSSv2
CVE-2021-20259
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabi...
Theforeman Foremanfogproxmox
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »