Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-3590
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Theforeman Foreman
Redhat Satellite 6.0
7.4
CVSSv3
CVE-2014-8183
It was found that foreman, versions 1.x.x prior to 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
Theforeman Foreman
Redhat Satellite 6.0
8.8
CVSSv3
CVE-2018-1097
A flaw was found in foreman prior to 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.
Theforeman Foreman
Redhat Satellite 6.4
4.9
CVSSv3
CVE-2019-3893
In Foreman it exists that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this...
Theforeman Foreman
Redhat Satellite 6.0
8
CVSSv3
CVE-2021-3589
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system avai...
Theforeman Foreman Ansible
Redhat Satellite 6.0
5.5
CVSSv3
CVE-2014-0241
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
Theforeman Hammer Cli -
Redhat Satellite 6.0
6.5
CVSSv3
CVE-2019-10198
An authentication bypass vulnerability exists in foreman-tasks prior to 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web ...
Theforeman Foreman-tasks
Redhat Satellite 6.6
9.8
CVSSv3
CVE-2012-3503
The installation script in Katello 1.0 and previous versions does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote malicious users to authenticate to the CloudForms System Engi...
Theforeman Katello
Redhat Enterprise Linux Server 6.0
5.4
CVSSv3
CVE-2016-8639
It was found that foreman prior to 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.
Theforeman Foreman
Redhat Satellite 6.3
Redhat Satellite Capsule 6.3
5.5
CVSSv3
CVE-2016-9595
A flaw was found in katello-debug prior to 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
Theforeman Katello
Redhat Satellite 6.3
Redhat Satellite Capsule 6.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »