CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2019-3893 – foreman: Recover of plaintext password or token for the compute resources
https://notcve.org/view.php?id=CVE-2019-3893
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable. En Foreman se descubrió que la operación de eliminar recursos de cálculo, cuando se ejecuta desde la API de Foreman, conduce a la revelación de la contraseña de texto plano o token para el recurso de cálculo afectado. Un usuario malicioso con el permiso "delete_compute_resource" puede utilizar este fallo para tomar el control de los recursos de cálculo gestionados por Foreman. • http://www.openwall.com/lists/oss-security/2019/04/14/2 http://www.securityfocus.com/bid/107846 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3893 https://github.com/theforeman/foreman/pull/6621 https://projects.theforeman.org/issues/26450 https://access.redhat.com/security/cve/CVE-2019-3893 https://bugzilla.redhat.com/show_bug.cgi?id=1696400 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16861 – foreman: stored XSS in success notification after entity creation
https://notcve.org/view.php?id=CVE-2018-16861
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Foreman before 1.18.3, 1.19.1, and 1.20.0 are vulnerable. Se ha encontrado un error Cross-Site Scripting (XSS) en el componente "satellite" de Foreman. Un atacante con privilegios para crear entradas mediante los menús Hosts, Monitor, Infrastructure o Administer puede ejecutar ataques Cross-Site Scripting (XSS) contra otros usuarios, lo que podría conducir a la ejecución de código malicioso y a la extracción del token anti-CSRF de usuarios con mayores privilegios. • https://access.redhat.com/errata/RHSA-2019:1222 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16861 https://access.redhat.com/security/cve/CVE-2018-16861 https://bugzilla.redhat.com/show_bug.cgi?id=1645201 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14664 – foreman: Persisted XSS on all pages that use breadcrumbs
https://notcve.org/view.php?id=CVE-2018-14664
A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side. Se ha descubierto un problema desde la versión 1.18 de foreman. Existe una vulnerabilidad Cross-Site Scripting (XSS) persistente debido a código HTML escapado incorrectamente en la barra de miga de pan. • http://www.securityfocus.com/bid/106553 https://access.redhat.com/errata/RHSA-2019:1222 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14664 https://projects.theforeman.org/issues/25169 https://access.redhat.com/security/cve/CVE-2018-14664 https://bugzilla.redhat.com/show_bug.cgi?id=1638130 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14643 – smart_proxy_dynflow: Authentication bypass in Foreman remote execution feature
https://notcve.org/view.php?id=CVE-2018-14643
An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context. Se ha detectado una vulnerabilidad de omisión de autenticación en el componente smart_proxy_dynflow utilizado por Foreman. Un atacante malicioso puede usar este fallo para ejecutar comandos arbitrarios remotamente en máquinas gestionadas por instancias vulnerables de Foreman en un contexto altamente privilegiado. • http://www.securityfocus.com/bid/105375 https://access.redhat.com/errata/RHSA-2018:2733 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14643 https://github.com/theforeman/smart_proxy_dynflow/pull/54 https://access.redhat.com/security/cve/CVE-2018-14643 https://bugzilla.redhat.com/show_bug.cgi?id=1629063 • CWE-287: Improper Authentication CWE-592: DEPRECATED: Authentication Bypass Issues •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-7077 – foreman: Foreman information leak through unauthorized multiple_checkboxes helper
https://notcve.org/view.php?id=CVE-2016-7077
foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6. Foreman en versiones anteriores a la 1.14.0 es vulnerable a una fuga de información. Se ha detectado que el ayudante de formularios de Foreman no autoriza las opciones para objetos asociados. • http://www.securityfocus.com/bid/94230 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077 https://projects.theforeman.org/issues/16971 https://theforeman.org/security.html#2016-7077 https://access.redhat.com/security/cve/CVE-2016-7077 https://bugzilla.redhat.com/show_bug.cgi?id=1385777 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •