11 matches found
EUVD-2018-6561
Malware in sbrugna...
The vulnerability affects the implementation of the Smart Class class in the software for managing Red Hat Satellite systems, as well as the Foreman application for managing, configuring, and monitoring servers. This allows a malicious individual to modify the configuration files.
The vulnerability of the Smart Class class implementation in the software for managing Red Hat Satellite systems, as well as the Foreman management, configuration, and monitoring application, is related to improper authentication. Exploiting this vulnerability allows a malicious actor to remotely...
CVE-2018-14666
An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions...
CVE-2018-14666
An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions...
Authorization
An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions...
CVE-2018-14666
The CVE-2018-14666 describes an improper authorization flaw in the Smart Class feature of Foreman, affecting all Red Hat Satellite 6 versions. The underlying issue allows an attacker to change the configuration of any host registered in Satellite, regardless of organizational boundaries. The impa...
CVE-2018-14666
An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions...
CVE-2018-14666
An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Satellite, independent of the organization the host belongs to. This flaw affects all Satellite 6 versions...
foreman: Stored XSS vulnerability in smart class parameters/variables
A stored cross-site scripting (XSS) flaw was found in the smart class parameters/variables field. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms...
PT-2015-7560 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.10.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML via global parameters, smart class parameters, or smart variables in the host or hostgroup edit forms, potentially leading ...