CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-7077 – foreman: Foreman information leak through unauthorized multiple_checkboxes helper
https://notcve.org/view.php?id=CVE-2016-7077
10 Sep 2018 — foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6. Foreman en versiones anteriores a la 1.14.0 es vulnerable a una fuga de información. Se ha detectado que el ayudante de formularios de Foreman no autoriza las opciones para objetos asociados. • http://www.securityfocus.com/bid/94230 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7078 – foreman: Information leak through organizations and locations feature
https://notcve.org/view.php?id=CVE-2016-7078
10 Sep 2018 — foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion. Foreman en versiones anteriores a la 1.15.0 es vulnerable a una fuga de información mediante la funcionalidad de organizaciones y ubicaciones.... • http://www.securityfocus.com/bid/96385 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8634 – foreman: Stored XSS in org/loc wizard
https://notcve.org/view.php?id=CVE-2016-8634
01 Aug 2018 — A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page. The result is a stored XSS attack if an organization/location with HTML in the name is created, then a user is linked directly to this URL. Se ha descubierto una vulnerabilidad en Foreman 1.14.0. • http://www.securityfocus.com/bid/94206 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8613 – foreman: Stored XSS vulnerability in remote execution plugin
https://notcve.org/view.php?id=CVE-2016-8613
31 Jul 2018 — A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability. Se ha descubierto un problema en Foreman 1.5.1. • http://www.securityfocus.com/bid/93859 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7535
https://notcve.org/view.php?id=CVE-2017-7535
26 Jul 2018 — foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action. foreman en versiones anteriores a la 1.16.0 es vulnerable a Cross-Site Scripting (XSS) persistente en la asignación de organizaciones o ubicaciones a los hosts. Su explotación requiere que un usuario asigne activamente los hosts a una organizac... • http://seclists.org/oss-sec/2017/q3/521 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1096 – foreman: SQL injection due to improper handling of the widget id parameter
https://notcve.org/view.php?id=CVE-2018-1096
05 Apr 2018 — An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database. Se ha encontrado un error de saneamiento de entradas en el campo id del controlador del panel de Foreman, en versiones anteriores a la 1.16.1. Un usuario podría emplear este error para realizar un ataque de inyección SQL en la base de datos del backend. An input sanitization flaw was found in the id field of the das... • http://projects.theforeman.org/issues/23028 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1097 – foreman: Ovirt admin password exposed by foreman API
https://notcve.org/view.php?id=CVE-2018-1097
04 Apr 2018 — A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource. Se ha descubierto un problema en versiones anteriores a la 1.16.1 de foreman. El problema permite que usuarios con permisos limitados para encender y apagar hosts oVirt/RHV descubran el nombre de usuario y la contraseña empleados para conectarse al recurso del ordenador. Red Hat Satellite is a systems... • https://access.redhat.com/errata/RHSA-2018:2927 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2017-2672 – foreman: Image password leak
https://notcve.org/view.php?id=CVE-2017-2672
20 Feb 2018 — A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems. Se ha encontrado un error en foreman en versiones anteriores a la 1.15 en el registro de adición y registro de imágenes. Un atacante con acceso al archivo de logs de foreman podría ver contraseñas para sistemas aprovisionados en el archivo de registro, lo... • http://www.securityfocus.com/bid/97526 • CWE-269: Improper Privilege Management CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8183 – foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization
https://notcve.org/view.php?id=CVE-2014-8183
20 Feb 2018 — It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. Se encontró que foreman, versiones 1.x.x anteriores a 1.15.6, en Satellite versión 6 no aplicaba apropiadamente los controles de acceso sobre ciertos recursos. Un atacante con acceso a la API y conocimiento del nombre del recurso puede acceder a recursos en otra... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8183 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8639 – foreman: Stored XSS via organization/location with HTML in name
https://notcve.org/view.php?id=CVE-2016-8639
20 Feb 2018 — It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface. Se ha detectado que Foreman en versiones anteriores a la 1.13.0 es vulnerable a Cross-Site Scripting (XSS) persistente mediante un nombre de organización o ubicación. Esto podría permitir que un atacante con privilegios para establecer el no... • http://www.securityfocus.com/bid/94263 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •