77 matches found
CVE-2021-3590
The CVE-2021-3590 entry concerns the Foreman project, where a credential leak could expose the Azure Compute Profile password through the JSON output of the API. The described impact affects data confidentiality, integrity, and availability. There are no concrete remediation steps or exploit spec...
CVE-2021-20260
CVE-2021-20260 affects the Foreman project, specifically the Datacenter plugin, where the API exposes the password to an authenticated local attacker with the view_hosts permission. This yields potential impacts to confidentiality, integrity, and availability. The NVD entry rates it as high (CVSS...
CVE-2023-0118
CVE-2023-0118 : The vulnerability affects Foreman, where an admin user can bypass safe mode in templates and execute arbitrary code on the underlying OS. The documented impact is critical (CVSS v3.1 base score 9.1, all impact metrics High). Connected advisories reference Red Hat Satellite/Foreman...
CVE-2022-3874
CVE-2022-3874 is a command-injection flaw in Foreman where an authenticated admin can trigger OS commands via CoreOS/Fedora CoreOS templates (ct_command and fcct_command). Root cause: command injection in template processing could lead to arbitrary code execution on the host. Exploitation details...
CVE-2023-0462
CVE-2023-0462 is a Foreman-related arbitrary code execution vulnerability. The flaw allows an admin to execute arbitrary OS code by supplying a YAML payload in global parameters, enabling code execution within the Foreman/Satellite context. Connected advisories show multiple Red Hat Satellite/For...
CVE-2023-4886
CVE-2023-4886 affects Foreman (reported in Red Hat Satellite advisories). The issue is a world-readable Tomcat server.xml containing candlepin keystore/truststore passwords, enabling sensitive data exposure locally. Public references indicate Foreman is the affected component and list this CVE am...
CVE-2021-3584
CVE-2021-3584 is a server-side remote code execution in the Foreman project. An authenticated attacker can abuse Sendmail configuration options to overwrite defaults and perform command injection, impacting confidentiality, integrity, and availability. According to the primary sources, fixed rele...
CVE-2018-14643
Summary : CVE-2018-14643 describes an authentication bypass flaw in the smart_proxy_dynflow component (Ruby gem) used by Foreman, enabling a remote attacker to execute arbitrary commands on managed machines in a highly privileged context. Affected software : Foreman ecosystem with the smart_proxy...
CVE-2021-3494
CVE-2021-3494 affects the Foreman smart proxy’s FreeIPA module, where SSL certificate verification is not performed. This enables a potential Man-in-the-Middle attack if conditions are met, compromising confidentiality. Affected: Foreman/smart proxy versions before 2.5.0 (per NVD OSV notes). The ...
CVE-2021-3469
CVE-2021-3469 affects Foreman prior to 2.3.4 and prior to 2.4.0, due to an improper authorization handling flaw that lets an authenticated attacker impersonate the foreman-proxy when the Puppet CA is configured to sign certificate requests containing SANs. Foreman does not enable SANs by default,...
CVE-2017-2672
Foreman vulnerability CVE-2017-2672 affects Foreman prior to version 1.15, in the logging of adding and registering images. An attacker with access to the Foreman log file could view passwords for provisioned systems, enabling unauthorized access. No exploitation vector details are provided beyon...
CVE-2014-8183
CVE-2014-8183 affects Foreman in Red Hat Satellite 6.x (Foreman 1.x.x before 1.15.6). The root cause is improper enforcement of access controls on certain resources via the API, allowing an attacker with API access and knowledge of a resource name to access resources in other organizations. The R...
CVE-2014-0007
CVE-2014-0007 affects Foreman’s Smart-Proxy TFTP module. The Smart-Proxy before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file. Impact per sources indicates remote command execution; attesta...
CVE-2016-8639
The CVE-2016-8639 entry refers to a stored XSS vulnerability in Foreman prior to version 1.13.0, exploitable via setting an organization or location name to include arbitrary HTML/JavaScript. Affected component is Foreman’s web interface, with the underlying issue being HTML/input handling in org...
CVE-2018-1096
Foreman prior to version 1.16.1 is affected by an input sanitization flaw in the id field of the dashboard controller that enables SQL injection against the back-end database. Affected component: Foreman dashboard controller (id parameter). Root cause: insufficient input sanitization leading to a...
CVE-2017-15100
CVE-2017-15100 is a stored XSS vulnerability in Foreman triggered when a remote attacker submits facts containing HTML. The issue affects the Foreman web pages that render facts on the Facts, Trends, and Statistics views. Red Hat’s RHSA-2018:2927 (Satellite 6.4) includes this CVE among others and...
CVE-2019-3893
CVE-2019-3893 affects Foreman: the delete_compute_resource operation via the Foreman API can disclose plaintext passwords/tokens for the affected compute resource. Vulnerable are Foreman versions prior to 1.20.3, 1.21.1, and 1.22.0. A malicious user with the delete_compute_resource permission can...
CVE-2016-3728
Summary: CVE-2016-3728 describes an eval-injection in Foreman’s Smart-Proxy TFTP module (tftp_api.rb) that allows an attacker to execute arbitrary code via the PATH_INFO PXE template type. Affected: Foreman/Smart-Proxy prior to 1.10.4 and 1.11.x prior to 1.11.2. Impact: remote code execution with...
CVE-2018-1097
CVE-2018-1097 affects Foreman prior to 1.16.1. The vulnerability allows users with limited permissions for powering Ovirt/RHV hosts on and off to discover the credentials (username and password) used to connect to the compute resource. Exploitation details are not provided in the connected docume...
CVE-2016-7077
CVE-2016-7077 affects Foreman prior to version 1.14.0, where the form helper does not authorize options for associated objects. This information disclosure allows an unauthorized user to see the names of those objects when their count is less than six. The vulnerability is documented with CVSS sc...
CVE-2013-4386
Foreman (prior to 1.2.3) contains SQL injection vulnerabilities in app/models/concerns/host_common.rb that allow remote attackers to execute arbitrary SQL via the fqdn or hostgroup parameters. This impacts Foreman versions before 1.2.3; remediation is to upgrade to 1.2.3 or later (as noted by Red...
CVE-2020-10710
CVE-2020-10710 affects Red Hat Satellite components (Candlepin) where the plaintext Candlepin password can be disclosed during updates via the satellite-installer. The flaw enables an attacker with sufficiently high privileges (e.g., root) to retrieve the Candlepin plaintext password, with confid...
CVE-2014-3691
Foreman/foreman-proxy is affected by CVE-2014-3691 due to failure to validate SSL certificates in SSL-enabled mode, allowing remote attackers to bypass authentication and issue arbitrary API requests without a certificate. Affected versions: Foreman prior to 1.5.4 and foreman-proxy in Foreman 1.6...
CVE-2013-2121
Foreman (Red Hat OpenStack/Satellite) CVE-2013-2121 is an eval injection in the create action of the bookmarks controller. Before 1.2.0-RC2, remote authenticated users with bookmark-creation permissions can execute arbitrary code via a controller name attribute. Public references note code inject...
CVE-2016-8634
Affected product: Foreman 1.14.0. The stored XSS vulnerability occurs when creating an organization or location whose name contains HTML, which is rendered in the second wizard step ( /organizations/id/step2 ) in the alert box. This can lead to a stored XSS if a user navigates to that URL after c...
CVE-2016-9593
CVE-2016-9593 affects foreman-debug; the vulnerability arises from missing obfuscation of sensitive information in logging. An attacker with access to the foreman log file could view passwords, enabling credential exposure and potential system access. Public references indicate the issue is tied ...
CVE-2018-16861
CVE-2018-16861 is a stored XSS in the Foreman component of Red Hat Satellite, exploitable when a user with privileges creates entities via Hosts, Monitor, Infrastructure, or Admin menus. The issue allows an attacker to inject scripts that run in other users’ browsers and could lead to theft of an...
CVE-2016-6319
CVE-2016-6319 is a cross-site scripting (XSS) vulnerability in Foreman before 1.12.2, exploitable via the label parameter in app/helpers/form_helper.rb used by Remote Execution (and possibly other plugins). The issue enables remote attackers to inject arbitrary web script or HTML, with impact des...
CVE-2016-8613
CVE-2016-8613 affects Foreman 1.5.1’s remote execution plugin. The vulnerability occurs when a job submission contains HTML tags; the console output in the Foreman web UI is not escaped, allowing stored HTML/JavaScript to execute in the user’s browser. The exploit is a stored XSS due to unescaped...
CVE-2013-2113
CVE-2013-2113 affects Foreman before 1.2.0-RC2. The vulnerability lies in the create method of app/controllers/users_controller.rb, where remote authenticated users with create_users permissions can gain privileges by either flipping the admin flag or assigning an arbitrary role. Impact is privil...
CVE-2013-4182
CVE-2013-4182 affects Foreman prior to 1.2.2, specifically the API at /api/v1/hosts handled by hosts_controller.rb, where access checks were insufficient. This allowed remote attackers to access arbitrary hosts via the API request. The publicly documented remediation is to upgrade to Foreman 1.2....
CVE-2014-0089
CVE-2014-0089 is a cross-site scripting (XSS) vulnerability in Foreman 1.4.x prior to 1.4.2, exploitable by a remote authenticated user who can inject script/HTML via the bookmark name when adding a bookmark. The root cause is exposed in app/views/common/500.html.erb, enabling arbitrary script ex...
CVE-2014-0091
The connected documents confirm CVE-2014-0091 affects Foreman, with the underlying issue described as improper input validation that can cause a partial Denial of Service. The sources (NVD, Veracode) consistently report DoS due to input validation problems in Foreman. No concrete vendor/version d...
CVE-2015-1844
CVE-2015-1844 corresponds to a Foreman/Satellite API authorization flaw: remote authenticated users could bypass organization/location restrictions via the REST API. Connected advisories (RHSA-2015:1591/1592) indicate affected Foreman components and that remediation is provided through Red Hat Sa...
CVE-2015-5152
CVE-2015-5152 affects Foreman versions 1.1 through 1.9.0-RC1, where HTTP requests are not redirected to HTTPS when require_ssl is true, enabling a MITM to capture credentials. Root cause is lack of HTTP-to-HTTPS redirection under the require_ssl setting. Impact is credential leakage via network a...
CVE-2016-7078
CVE-2016-7078 : Foreman before 1.15.0 is vulnerable to an information disclosure via the organizations/locations feature. If a user is assigned no organizations/locations, they can view all resources (mirroring an administrator’s view) though their actions remain limited by their permissions. Roo...
CVE-2018-14664
CVE-2018-14664 affects Foreman in versions 1.18 and earlier, where a stored cross-site scripting vulnerability exists in the breadcrumbs bar due to improperly escaped HTML. This allows a user with permission to edit which attribute is used in breadcrumbs to inject code that executes in the client...
CVE-2013-4180
The CVE-2013-4180 issue affects Foreman prior to 1.2.2, where the HostController’s power and ipmi_boot actions allow remote attackers to trigger a denial-of-service via input converted to a symbol, causing memory consumption. Affected version range is Foreman
CVE-2014-0208
CVE-2014-0208 is a Foreman XSS vulnerability in the search auto-completion, exploitable by remote authenticated users via a crafted key name in Foreman versions prior to 1.4.4. Root cause: reflected/stored XSS in the auto-complete input path (exact implementation details not provided in the docum...
CVE-2014-3531
Foreman before 1.5.2 is affected by multiple cross-site scripting (XSS) vulnerabilities that allow remote authenticated users to inject arbitrary web script or HTML via the operating system name or description fields. The issue is tied to user-controlled data in OS metadata, leading to potential ...
CVE-2016-6320
CVE-2016-6320 describes a Cross-Site Scripting (XSS) vulnerability in Foreman’s web UI, specifically in the file app/assets/javascripts/host_edit_interfaces.js. The issue allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the ho...
CVE-2015-5233
Foreman is vulnerable due to improper enforcement of the view_hosts permission in versions before 1.8.4 and 1.9.x before 1.9.1. This allows remote authenticated users with read access to reports (view_reports) to read reports from arbitrary hosts, and users with delete access (destroy_reports) to...
CVE-2016-4451
The CVE-2016-4451 issue affects Foreman: Organization and Locations APIs allow remote authenticated users to bypass organization and location restrictions by using knowledge of an arbitrary organization id, enabling read/modify of data for that org. Affected versions: Foreman before 1.11.3 and Fo...
CVE-2016-4475
The CVE-2016-4475 issue affects Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3. It allows remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors. Impact is data exposure and...
CVE-2014-0090
Affected software : Foreman prior to 1.4.2 (affects Foreman-based stacks; linked Red Hat Satellite context may apply). Vulnerability : Session fixation via the session id cookie. Impact : Remote attackers can hijack web sessions. Root cause : Session identifier handling enables fixation attacks. ...
CVE-2015-1816
CVE-2015-1816 affects Foreman/Foreman Proxy (Forman) before 1.7.4, where SSL certificates were not verified for LDAP connections, enabling MITM spoofing of LDAP servers via crafted certificates. Impact: potential credential exposure through LDAP authentication; base score 5.0 (Medium) per NVD. Re...
CVE-2016-4995
Foreman is affected in versions prior to 1.11.4 and 1.12.x prior to 1.12.1. The issue is an information-disclosure vulnerability where remote authenticated users with permission to view some hosts can access sensitive host configuration data through a URL referencing a hostname, due to improper r...
CVE-2014-0192
CVE-2014-0192 affects Foreman: versions 1.4.0 through 1.4.x are vulnerable. The issue is that provisioning template previews were not properly restricted, allowing remote attackers to access sensitive information via the hostname parameter (spoof-related). The primary concrete detail available fr...
CVE-2024-7700
The CVE-2024-7700 entry concerns Foreman where the vulnerability is a command-injection flaw in the Host Init Config template via the Install Packages field on the Register Host page. The root cause is the injection into the configuration, enabling potentially arbitrary command execution during h...
CVE-2015-3155
Foreman vulnerable: Foreman before 1.8.1 does not set the secure flag on the _session_id cookie in HTTPS sessions, enabling cookie capture over HTTP. Impact is partial confidentiality loss. Remediation: update to Foreman 1.8.1 or later (fixes the secure flag handling).