PT-2026-28315

Name of the Vulnerable Software and Affected Versions Foreman versions prior to 3.16.3 Foreman versions prior to 3.17.2 Foreman versions prior to 3.18.1 Description A flaw exists in Foreman that allows a remote attacker to exploit a command injection vulnerability within the WebSocket proxy...

EUVD-2016-5960

Malware in sbrugna...

EUVD-2021-26791

Malware in sbrugna...

PT-2024-38030

Name of the Vulnerable Software and Affected Versions Foreman versions 6.13 through 6.15 Foreman with Gunicorn versions prior to 22.0 Description An authentication bypass issue has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This...

Design/Logic Flaw

A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...

PT-2014-3474 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.4.2 Description: The issue allows remote attackers to hijack web sessions. This is achieved via the session id cookie. Recommendations: For versions prior to 1.4.2, update to version 1.4.2 or later to resolve the...