Lucene search
K

12 matches found

RedHat Linux
RedHat Linux
added yesterday3 views

foreman: Foreman: Unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score
Exploits0References4
RedHat Linux
RedHat Linux
added yesterday2 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score
Exploits0References4
RedHat Linux
RedHat Linux
added yesterday3 views

foreman: Foreman: Unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-41004

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.8AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-5138

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.8AI score
Exploits0References7
Cvelist
Cvelist
added yesterday11 views

CVE-2026-5135 Foreman: foreman: unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS
Exploits0References6
EUVD
EUVD
added yesterday5 views

EUVD-2026-41003

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score
Exploits0References4
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-5135 Foreman: foreman: unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-5135

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score
Exploits0References7
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-5138

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2016/08/19 12:0 a.m.4 views

PT-2016-6826 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.12.2 Description: A cross-site scripting XSS issue exists, allowing remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form. This is...

5.4CVSS5.2AI score0.00936EPSS
Exploits0References8
Prion
Prion
added 2015/12/17 7:59 p.m.19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via 1 global parameters, 2 smart class parameters, or 3 smart variables in the a host or b hostgroup edit forms...

4.3CVSS5.9AI score0.01846EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder