CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7078 – foreman: Information leak through organizations and locations feature
https://notcve.org/view.php?id=CVE-2016-7078
foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion. Foreman en versiones anteriores a la 1.15.0 es vulnerable a una fuga de información mediante la funcionalidad de organizaciones y ubicaciones. Cuando se le asigna a un usuario _no_ organizaciones/ubicaciones, pueden ver todos los recursos en lugar de ninguno (copiando la vista de administrador). • http://www.securityfocus.com/bid/96385 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078 https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905 https://projects.theforeman.org/issues/16982 https://seclists.org/oss-sec/2017/q1/470 https://theforeman.org/security.html#2016-7078 https://access.redhat.com/security/cve/CVE-2016-7078 https://bugzilla.redhat.com/show_bug.cgi?id=1386244 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8634 – foreman: Stored XSS in org/loc wizard
https://notcve.org/view.php?id=CVE-2016-8634
A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page. The result is a stored XSS attack if an organization/location with HTML in the name is created, then a user is linked directly to this URL. Se ha descubierto una vulnerabilidad en Foreman 1.14.0. • http://www.securityfocus.com/bid/94206 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8634 https://projects.theforeman.org/issues/17195 https://access.redhat.com/security/cve/CVE-2016-8634 https://bugzilla.redhat.com/show_bug.cgi?id=1391520 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8613 – foreman: Stored XSS vulnerability in remote execution plugin
https://notcve.org/view.php?id=CVE-2016-8613
A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability. Se ha descubierto un problema en Foreman 1.5.1. • http://www.securityfocus.com/bid/93859 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8613 https://github.com/theforeman/foreman_remote_execution/pull/208 https://projects.theforeman.org/issues/17066 https://access.redhat.com/security/cve/CVE-2016-8613 https://bugzilla.redhat.com/show_bug.cgi?id=1387232 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7535
https://notcve.org/view.php?id=CVE-2017-7535
foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action. foreman en versiones anteriores a la 1.16.0 es vulnerable a Cross-Site Scripting (XSS) persistente en la asignación de organizaciones o ubicaciones a los hosts. Su explotación requiere que un usuario asigne activamente los hosts a una organización que contenga html en su nombre, algo que es visible para el usuario antes de tomar cualquier acción. • http://seclists.org/oss-sec/2017/q3/521 http://www.securityfocus.com/bid/99604 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7535 https://projects.theforeman.org/issues/20963 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1096 – foreman: SQL injection due to improper handling of the widget id parameter
https://notcve.org/view.php?id=CVE-2018-1096
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database. Se ha encontrado un error de saneamiento de entradas en el campo id del controlador del panel de Foreman, en versiones anteriores a la 1.16.1. Un usuario podría emplear este error para realizar un ataque de inyección SQL en la base de datos del backend. An input sanitization flaw was found in the id field of the dashboard controller. • http://projects.theforeman.org/issues/23028 https://access.redhat.com/errata/RHSA-2018:2927 https://bugzilla.redhat.com/show_bug.cgi?id=1561061 https://access.redhat.com/security/cve/CVE-2018-1096 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •