foreman
Enterprise Software · oss-project
Latest CVEs
The 7 most recently published vulnerabilities affecting foreman.
- CVE-2014-0091: Foreman has improper input validation which could lead to partial Denial of Service. Score: 5.3
- CVE-2016-7077: foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects ... Score: 4.3
- CVE-2016-7078: foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resou... Score: 4.3
- CVE-2016-9595: A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing th... Score: 7.3
- CVE-2017-7535: foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains... Score: 6.1
- CVE-2017-2667: Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not ... Score: 8.1
- CVE-2017-7505: Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted... Score: 8.8