Foreman@1.12.0 Security Vulnerabilities and Issues — Foreman@1.12.0 CVE List

Lucene search

TheforemanForeman1.12.0

4 matches found

CVE•added 2016/08/19 9:59 p.m.•47 views

CVE-2016-4475

The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.

8.8CVSS8.2AI score0.00132EPSS

CVE•added 2016/08/19 9:59 p.m.•44 views

CVE-2016-4451

The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that ...

6CVSS4.9AI score0.00264EPSS

CVE•added 2017/05/26 4:29 p.m.•42 views

CVE-2017-7505

Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global ...

8.8CVSS8.6AI score0.00308EPSS

CVE•added 2017/09/25 5:29 p.m.•39 views

CVE-2015-5282

Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.

6.1CVSS6.1AI score0.00433EPSS