23 matches found
foreman: Foreman: Remote Code Execution via command injection in WebSocket proxy
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...
CVE-2026-1961 Foreman: foreman: remote code execution via command injection in websocket proxy
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...
PT-2026-28315
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 3.16.3; Foreman versions prior to 3.17.2; Foreman versions prior to 3.18.1. Description: A flaw exists in Foreman that allows a remote attacker to exploit a command injection vulnerability within the WebSocket proxy...
Azure Compute Resource Provider Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network...
KLA89723 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to bypass security restrictions and gain privileges. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azure Compute Resource Provider can be exploited...
EUVD-2019-13502
Malware in sbrugna...
EUVD-2018-11747
Malware in sbrugna...
EUVD-2021-1313
Malware in sbrugna...
Information Disclosure
Satellite is vulnerable to information disclosure. The vulnerability exists due to a compute resource credential leak...
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions...
CVE-2021-20259
A vulnerability in foreman_fog_proxmox (CVE-2021-20259) allows an authenticated local attacker with view_hosts permission to access the Proxmox compute resource password via the API, compromising confidentiality, integrity, and availability. Affected: foreman_fog_proxmox versions prior to 0.13.1....
CVE-2020-14371
A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite...
CVE-2021-20259
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Information Disclosure
Foreman is vulnerable to information disclosure. The delete compute resource operation allows for the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the delete_compute_resource permission is able to exploit the vulnerability to take control ov...
CVE-2019-3893
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control...
Design/Logic Flaw
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control...
CVE-2019-3893
CVE-2019-3893 affects Foreman: the delete_compute_resource operation via the Foreman API can disclose plaintext passwords/tokens for the affected compute resource. Vulnerable are Foreman versions prior to 1.20.3, 1.21.1, and 1.22.0. A malicious user with the delete_compute_resource permission can...
CVE-2019-3893
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control...
CVE-2019-3893
It was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compu...