Foreman@1.11.0 Security Vulnerabilities and Issues — Foreman@1.11.0 CVE List

Lucene search

TheforemanForeman1.11.0

4 matches found

CVE•added 2016/05/20 2:59 p.m.•55 views

CVE-2016-3728

Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.

8.8CVSS9AI score0.05768EPSS

CVE•added 2016/05/20 2:59 p.m.•42 views

CVE-2016-2100

Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.

6.5CVSS5.2AI score0.00201EPSS

CVE•added 2017/05/26 4:29 p.m.•42 views

CVE-2017-7505

Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global ...

8.8CVSS8.6AI score0.00308EPSS

CVE•added 2017/09/25 5:29 p.m.•39 views

CVE-2015-5282

Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.

6.1CVSS6.1AI score0.00433EPSS