Foreman@1.9.0 Security Vulnerabilities and Issues — Foreman@1.9.0 CVE List

Lucene search

TheforemanForeman1.9.0

4 matches found

CVE•added 2016/04/11 9:59 p.m.•49 views

CVE-2015-5233

Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from ar...

6CVSS4.2AI score0.00129EPSS

CVE•added 2017/10/06 3:29 p.m.•47 views

CVE-2015-5246

The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.

8.1CVSS8.1AI score0.00871EPSS

CVE•added 2017/05/26 4:29 p.m.•42 views

CVE-2017-7505

Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global ...

8.8CVSS8.6AI score0.00308EPSS

CVE•added 2017/09/25 5:29 p.m.•39 views

CVE-2015-5282

Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.

6.1CVSS6.1AI score0.00433EPSS