Lucene search

5 matches found

CVE | added 2013/11/20 2:12 p.m. | 56 views

CVE-2013-4386

Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.

CVSS 7.5 | AI score 8.8 | EPSS 0.00354

CVE | added 2013/07/31 1:20 p.m. | 52 views

CVE-2013-2113

The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.

CVSS 6 | AI score 6.7 | EPSS 0.32418

CVE | added 2013/07/31 1:20 p.m. | 52 views

CVE-2013-2121

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.

CVSS 6 | AI score 7.5 | EPSS 0.4565

CVE | added 2013/09/16 7:14 p.m. | 52 views

CVE-2013-4182

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.

CVSS 7.5 | AI score 6.9 | EPSS 0.00712

CVE | added 2013/09/16 7:14 p.m. | 48 views

CVE-2013-4180

The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.

CVSS 5 | AI score 6.9 | EPSS 0.00535