Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2015-5246
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.
Theforeman Foreman 1.9.0
NA
CVE-2023-0462
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.
Theforeman Foreman
Redhat Satellite
3.6
CVSSv2
CVE-2021-3456
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local malicious user to access and delete limited resources ...
Theforeman Smart Proxy Salt
NA
CVE-2023-0118
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
Theforeman Foreman
Redhat Satellite
NA
CVE-2021-3590
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Theforeman Foreman
Redhat Satellite 6.0
4
CVSSv2
CVE-2016-9593
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.
Theforeman Foreman
Redhat Satellite 6.0
4
CVSSv2
CVE-2019-3893
In Foreman it exists that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this...
Theforeman Foreman
Redhat Satellite 6.0
6.5
CVSSv2
CVE-2014-8183
It was found that foreman, versions 1.x.x prior to 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
Theforeman Foreman
Redhat Satellite 6.0
3.5
CVSSv2
CVE-2013-2101
Katello has multiple XSS issues in various entities
Theforeman Katello -
Redhat Satellite 6.0
4
CVSSv2
CVE-2018-1097
A flaw was found in foreman prior to 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.
Theforeman Foreman
Redhat Satellite 6.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3012
CVE-2024-30200
XXE
CVE-2023-24955
CVE-2023-42931
CVE-2024-29231
remote code execution
cross-site scripting
CVE-2024-0677
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »