Page 4 of 55 results (0.013 seconds)

CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0

It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. Se encontró que foreman, versiones 1.x.x anteriores a 1.15.6, en Satellite versión 6 no aplicaba apropiadamente los controles de acceso sobre ciertos recursos. Un atacante con acceso a la API y conocimiento del nombre del recurso puede acceder a recursos en otras organizaciones. It was found that foreman in Satellite 6 did not properly enforce access controls on certain resources. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8183 https://access.redhat.com/security/cve/CVE-2014-8183 https://bugzilla.redhat.com/show_bug.cgi?id=1480886 • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems. foreman-debug, en versiones anteriores a la 1.15.0, es vulnerable a un error en la creación de logs de foreman-debug. Un atacante con acceso al archivo de logs de foreman podría ver contraseñas, lo que les permitiría acceder a esos sistemas. A flaw was found in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems. • http://www.securityfocus.com/bid/94985 https://access.redhat.com/errata/RHSA-2018:0336 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9593 https://access.redhat.com/security/cve/CVE-2016-9593 https://bugzilla.redhat.com/show_bug.cgi?id=1406384 • CWE-255: Credentials Management Errors CWE-522: Insufficiently Protected Credentials •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page. Un atacante que envíe hechos que contienen HTML al servidor Foreman puede provocar Cross-Site Scripting (XSS) persistente en ciertas páginas: (1) La página Facts, al hacer clic en el botón "chart" y desplazándose sobre el gráfico; (2) la página Trends, al comprobar el gráfico para una tendencia basada en un hecho; (3) la página Statistics, para los hechos que se agregan en esta página. • http://projects.theforeman.org/issues/21519 https://access.redhat.com/errata/RHSA-2018:2927 https://github.com/theforeman/foreman/pull/4967 https://access.redhat.com/security/cve/CVE-2017-15100 https://bugzilla.redhat.com/show_bug.cgi?id=1508551 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en Foreman en versiones anteriores a la 1.5.2 permiten que atacantes remotos autenticados inyecten scripts web o HTML arbitrarios mediante el nombre (1) o la descripción (2) del sistema operativo. • http://projects.theforeman.org/issues/6580 https://bugzilla.redhat.com/show_bug.cgi?id=1108745 https://github.com/theforeman/foreman/pull/1580 https://theforeman.org/security.html#2014-3531 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name. Vulnerabilidad Cross-Site Scripting (XSS) en la funcionalidad de autocompletar búsquedas en versiones anteriores a la 1.4.4 de Foreman permite que usuarios remotos autenticados inyecten scripts web o HTLM arbitrarios mediante una clave de nombre manipulada. • http://projects.theforeman.org/issues/5471 https://bugzilla.redhat.com/show_bug.cgi?id=1094642 https://theforeman.org/security.html#2014-0208 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •