Foreman@1.2.0 Security Vulnerabilities and Issues — Foreman@1.2.0 CVE List

Lucene search

TheforemanForeman1.2.0

5 matches found

CVE•added 2013/11/20 2:12 p.m.•52 views

CVE-2013-4386

Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.

7.5CVSS8.8AI score0.00354EPSS

CVE•added 2013/09/16 7:14 p.m.•48 views

CVE-2013-4182

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.

7.5CVSS6.9AI score0.00712EPSS

CVE•added 2013/09/16 7:14 p.m.•44 views

CVE-2013-4180

The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.

5CVSS6.9AI score0.00535EPSS

CVE•added 2014/05/08 2:29 p.m.•44 views

CVE-2014-0090

Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.

6.8CVSS6.9AI score0.00412EPSS

CVE•added 2017/07/17 1:18 p.m.•44 views

CVE-2015-5152

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.

8.1CVSS7.8AI score0.00241EPSS