Lucene search
TheforemanForeman1.8.1
3 matches found
CVE-2015-5152
Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.
8.1CVSS7.8AI score0.00241EPSS
CVE-2017-7505
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global ...
8.8CVSS8.6AI score0.00308EPSS
CVE-2015-5282
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
6.1CVSS6.1AI score0.00433EPSS