Lucene search
+L

994 matches found

Cvelist
Cvelist
added 2026/02/02 5:47 a.m.34 views

CVE-2026-1531 Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS0.00274EPSS
Exploits0References5
CVE
CVE
added 2026/02/02 5:47 a.m.29 views

CVE-2026-1531

CVE-2026-1531 affects foreman_kubevirt. When configuring the connection to OpenShift, SSL verification is disabled if a CA certificate is not explicitly provided, creating an insecure default. This enables a potential MITM when traffic between Satellite and OpenShift is intercepted, with possible...

8.1CVSS5.8AI score0.00274EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/02 5:47 a.m.7 views

CVE-2026-1531

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.8AI score0.00274EPSS
Exploits0References6
EUVD
EUVD
added 2026/02/02 5:47 a.m.6 views

EUVD-2026-5117

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.4AI score0.00274EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/02 5:47 a.m.8 views

CVE-2026-1531 Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.4AI score0.00274EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.6 views

PT-2026-5613

Name of the Vulnerable Software and Affected Versions foreman kubevirt affected versions not specified Description A security issue exists in foreman kubevirt related to SSL verification when connecting to OpenShift. By default, the system disables SSL verification if a Certificate Authority CA...

8.1CVSS5.5AI score0.00274EPSS
Exploits0References13
RubySec
RubySec
added 2026/02/02 12:0 a.m.9 views

foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.3AI score0.00274EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/01/28 5:0 p.m.13 views

Important: Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview

A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry. Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysi...

8.9CVSS6.6AI score0.02667EPSS
Exploits7References9
RedhatCVE
RedhatCVE
added 2026/01/28 1:22 p.m.6 views

CVE-2026-1531

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.7AI score0.00274EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/28 12:34 p.m.5 views

Improper Certificate Validation

Overview foremankubevirt is a Provision and manage Kubevirt Virtual Machines from Foreman. Affected versions of this package are vulnerable to Improper Certificate Validation due to the default configuration disabling SSL verification if a CA certificate is not explicitly provided. An attacker ca...

8.3CVSS5.6AI score0.00274EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.7 views

Foreman Kubevirt Plugin Trust Management Vulnerability

The Foreman Kubevirt Plugin is an open-source computing module plugin developed by Foreman. The Foreman Kubevirt Plugin has a vulnerability related to trust management. This vulnerability stems from insecure default SSL verification, which may lead to man-in-the-middle attacks...

8.1CVSS7.1AI score0.00274EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/01/14 7:31 p.m.11 views

Important: Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview

A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry. Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysi...

8.1CVSS7.1AI score0.00463EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/11/20 9:27 p.m.6 views

foreman: Satellite: GraphQL API permission bypass leads to information disclosure

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...

6.5CVSS5.8AI score0.00348EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/11/20 9:22 p.m.5 views

foreman: Satellite: GraphQL API permission bypass leads to information disclosure

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...

6.5CVSS5.8AI score0.00348EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/11/20 9:18 p.m.5 views

foreman: Satellite: GraphQL API permission bypass leads to information disclosure

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...

6.5CVSS5.8AI score0.00348EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/11/20 8:43 p.m.4 views

foreman: Satellite: GraphQL API permission bypass leads to information disclosure

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...

6.5CVSS5.8AI score0.00348EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/11/10 12:0 a.m.5 views

RHEL 9 : Satellite 6.17.6 Async Update (Important) (RHSA-2025:19832)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19832 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...

8CVSS7.3AI score0.00605EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2025/11/10 12:0 a.m.2 views

RHEL 8 / 9 : Satellite 6.16.5.5 Async Update (Important) (RHSA-2025:19855)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19855 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessi...

8CVSS7.3AI score0.00605EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/11/10 12:0 a.m.6 views

RHEL 8 : Satellite 6.15.5.6 Async Update (Important) (RHSA-2025:19856)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19856 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...

8CVSS7.2AI score0.00605EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/06 2:27 a.m.6 views

foreman: OS command injection via ct_location and fcct_location parameters

A flaw was found in Red Hat Satellite Foreman component. This vulnerability allows an authenticated user with editsettings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting...

8CVSS6AI score0.00573EPSS
Exploits0References5
Rows per page
Query Builder