CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4886 – Foreman: world readable file containing secrets
https://notcve.org/view.php?id=CVE-2023-4886
03 Oct 2023 — A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable. Se encontró una vulnerabilidad de exposición de información confidencial en Foreman. Se descubrió que el contenido del archivo server.xml de Tomcat, que contiene contraseñas para el almacén de claves y el almacén de confianza de Candlepin, es legible en todo el mundo. Updated Satellite 6.14 packages that fi... • https://access.redhat.com/errata/RHSA-2023:7851 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0462 – Arbitrary code execution through yaml global parameters
https://notcve.org/view.php?id=CVE-2023-0462
20 Sep 2023 — An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload. Se encontró una falla en la ejecución de código arbitrario en Foreman. Este problema puede permitir que un usuario administrador ejecute código arbitrario en el sistema operativo subyacente estableciendo parámetros globales con un payload YAML. • https://access.redhat.com/security/cve/CVE-2023-0462 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3590
https://notcve.org/view.php?id=CVE-2021-3590
22 Aug 2022 — A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un fallo en Foreman project. Se ha identificado un filtrado de credenciales que expondrá la contraseña de Azure Compute Profile mediante el JSON de la salida de la API. • https://access.redhat.com/security/cve/CVE-2021-3590 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10710
https://notcve.org/view.php?id=CVE-2020-10710
16 Aug 2022 — A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password. Se ha detectado un fallo en el que es divulgada la contraseña Plaintext Candlepin al actualizar Red Hat Satellite mediante del instalador de satélites. Este fallo permite a un atacante con privilegios suficientemente altos, como root, recuperar la contr... • https://bugzilla.redhat.com/show_bug.cgi?id=1816747 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3584 – foreman: Authenticate remote code execution through Sendmail configuration
https://notcve.org/view.php?id=CVE-2021-3584
23 Dec 2021 — A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0. Se encontró una vulnerabilidad de ejecución de código remota del lado del servidor Foreman project. • https://bugzilla.redhat.com/show_bug.cgi?id=1968439 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3469
https://notcve.org/view.php?id=CVE-2021-3469
03 Jun 2021 — Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternative names (SANs). Foreman do not enable SANs by default and `allow-authorization-extensions` is set to `false` unless user change `/etc/puppetlabs/puppetserver/conf.d/ca.conf` configuration explicitly. Foreman versiones anteriores a 2.3.4... • https://bugzilla.redhat.com/show_bug.cgi?id=1943630 • CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3494 – foreman: possible man-in-the-middle in smart_proxy realm_freeipa
https://notcve.org/view.php?id=CVE-2021-3494
26 Apr 2021 — A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0. Un proxy inteligente que proporciona una API restful a varios subsistemas del... • https://bugzilla.redhat.com/show_bug.cgi?id=1948005 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16861 – foreman: stored XSS in success notification after entity creation
https://notcve.org/view.php?id=CVE-2018-16861
07 Dec 2018 — A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Foreman before 1.18.3, 1.19.1, and 1.20.0 are vulnerable. Se ha encontrado un error Cross-Site Scripting (XSS) en el componente "satellite" de Foreman. Un at... • https://access.redhat.com/errata/RHSA-2019:1222 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-7077 – foreman: Foreman information leak through unauthorized multiple_checkboxes helper
https://notcve.org/view.php?id=CVE-2016-7077
10 Sep 2018 — foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6. Foreman en versiones anteriores a la 1.14.0 es vulnerable a una fuga de información. Se ha detectado que el ayudante de formularios de Foreman no autoriza las opciones para objetos asociados. • http://www.securityfocus.com/bid/94230 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8613 – foreman: Stored XSS vulnerability in remote execution plugin
https://notcve.org/view.php?id=CVE-2016-8613
31 Jul 2018 — A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability. Se ha descubierto un problema en Foreman 1.5.1. • http://www.securityfocus.com/bid/93859 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •