CVE-2015-5233 – foreman: reports show/destroy not restricted by host authorization
https://notcve.org/view.php?id=CVE-2015-5233
15 Dec 2015 — Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs. • http://projects.theforeman.org/issues/11579 • CWE-264: Permissions, Privileges, and Access Controls; CWE-284: Improper Access Control
CVE-2015-3235 – foreman: edit_users permission allows changing of admin passwords
https://notcve.org/view.php?id=CVE-2015-3235
12 Aug 2015 — Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors. It was discovered that in Foreman the edit_users permissions (for example, granted to the Manager role) allowed the user t... • http://projects.theforeman.org/issues/10829 • CWE-264: Permissions, Privileges, and Access Controls; CWE-266: Incorrect Privilege Assignment
CVE-2015-3155 – foreman: the _session_id cookie is issued without the Secure flag
https://notcve.org/view.php?id=CVE-2015-3155
12 Aug 2015 — Foreman before 1.8.1 does not set the Secure flag for the _session_id cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. It was found that Foreman di... • http://projects.theforeman.org/issues/10275 • CWE-284: Improper Access Control
CVE-2015-1816 – foreman: lack of SSL certificate validation when performing LDAPS authentication
https://notcve.org/view.php?id=CVE-2015-1816
12 Aug 2015 — Foreman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate. It was found that when making an SSL connection to an LDAP authentication source in Foreman, the remote server certificate was ... • http://projects.theforeman.org/issues/9858 • CWE-295: Improper Certificate Validation; CWE-310: Cryptographic Issues
CVE-2015-1844 – foreman: API not scoping resources to taxonomies
https://notcve.org/view.php?id=CVE-2015-1844
12 Aug 2015 — Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API. A flaw was found in the way Foreman authorized user actions on resources via the API when an organization was not explicitly set. A remote attacker could use this flaw to obtain a... • http://projects.theforeman.org/issues/9947 • CWE-201: Insertion of Sensitive Information Into Sent Data; CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-3653 – foreman: cross-site scripting (XSS) flaw in template preview screen
https://notcve.org/view.php?id=CVE-2014-3653
06 Jul 2015 — Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template. A cross-site scripting (XSS) flaw was found in Foreman's template preview screen. A remote a... • http://projects.theforeman.org/issues/7483 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3691 – foreman-proxy: failure to verify SSL certificates
https://notcve.org/view.php?id=CVE-2014-3691
03 Mar 2015 — Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate. • http://projects.theforeman.org/issues/7822 • CWE-295: Improper Certificate Validation; CWE-310: Cryptographic Issues
CVE-2014-3491
https://notcve.org/view.php?id=CVE-2014-3491
01 Jul 2014 — Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field on the New Host Groups page, related to the create, update, and destroy notification boxes. • http://projects.theforeman.org/issues/5881 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3492
https://notcve.org/view.php?id=CVE-2014-3492
01 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 allow remote attackers to inject arbitrary web script or HTML via a parameter (1) name or (2) value related to the host. • http://projects.theforeman.org/issues/6149 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4507
https://notcve.org/view.php?id=CVE-2014-4507
20 Jun 2014 — Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file. • http://projects.theforeman.org/issues/6086 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')