Foreman@1.2.1 Security Vulnerabilities and Issues — Foreman@1.2.1 CVE List

Lucene search

TheforemanForeman1.2.1

3 matches found

CVE•added 2013/11/20 2:12 p.m.•52 views

CVE-2013-4386

Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.

7.5CVSS8.8AI score0.00354EPSS

CVE•added 2014/05/08 2:29 p.m.•44 views

CVE-2014-0090

Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.

6.8CVSS6.9AI score0.00412EPSS

CVE•added 2017/07/17 1:18 p.m.•44 views

CVE-2015-5152

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.

8.1CVSS7.8AI score0.00241EPSS