994 matches found
CVE-2026-1531 Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification
A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...
CVE-2026-1531
CVE-2026-1531 affects foreman_kubevirt. When configuring the connection to OpenShift, SSL verification is disabled if a CA certificate is not explicitly provided, creating an insecure default. This enables a potential MITM when traffic between Satellite and OpenShift is intercepted, with possible...
CVE-2026-1531
A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...
EUVD-2026-5117
A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...
CVE-2026-1531 Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification
A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...
PT-2026-5613
Name of the Vulnerable Software and Affected Versions foreman kubevirt affected versions not specified Description A security issue exists in foreman kubevirt related to SSL verification when connecting to OpenShift. By default, the system disables SSL verification if a Certificate Authority CA...
foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set
A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...
Important: Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview
A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry. Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysi...
CVE-2026-1531
A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...
Improper Certificate Validation
Overview foremankubevirt is a Provision and manage Kubevirt Virtual Machines from Foreman. Affected versions of this package are vulnerable to Improper Certificate Validation due to the default configuration disabling SSL verification if a CA certificate is not explicitly provided. An attacker ca...
Foreman Kubevirt Plugin Trust Management Vulnerability
The Foreman Kubevirt Plugin is an open-source computing module plugin developed by Foreman. The Foreman Kubevirt Plugin has a vulnerability related to trust management. This vulnerability stems from insecure default SSL verification, which may lead to man-in-the-middle attacks...
Important: Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview
A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry. Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysi...
foreman: Satellite: GraphQL API permission bypass leads to information disclosure
n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...
foreman: Satellite: GraphQL API permission bypass leads to information disclosure
n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...
foreman: Satellite: GraphQL API permission bypass leads to information disclosure
n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...
foreman: Satellite: GraphQL API permission bypass leads to information disclosure
n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...
RHEL 9 : Satellite 6.17.6 Async Update (Important) (RHSA-2025:19832)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19832 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...
RHEL 8 / 9 : Satellite 6.16.5.5 Async Update (Important) (RHSA-2025:19855)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19855 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessi...
RHEL 8 : Satellite 6.15.5.6 Async Update (Important) (RHSA-2025:19856)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19856 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...
foreman: OS command injection via ct_location and fcct_location parameters
A flaw was found in Red Hat Satellite Foreman component. This vulnerability allows an authenticated user with editsettings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting...