CVE-2016-2100
https://notcve.org/view.php?id=CVE-2016-2100
Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission. Foreman en versiones anteriores a 1.10.3 y 1.11.0 en versiones anteriores a 1.11.0-RC2 permite a usuarios remotos autenticados leer, modificar o borrar marcadores privados aprovechando el permiso (1) edit_bookmarks o (2) destroy_bookmarks. • http://projects.theforeman.org/issues/13828 http://theforeman.org/security.html#2016-2100 http://www.openwall.com/lists/oss-security/2016/03/31/2 https://access.redhat.com/errata/RHBA-2016:1500 • CWE-284: Improper Access Control •
CVE-2016-3728
https://notcve.org/view.php?id=CVE-2016-3728
Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/. Vulnerabilidad en la inyección Eval en tftp_api.rb en el módulo TFTP en el Smart-Proxy en Foreman en versiones anteriores 1.10.4 y 1.11.x en versiones anteriores a 1.11.2 permite a atacantes remotos ejecutar un código arbitrario a través de la plantilla de porción tipo del PATH_INFO para tftp/. • http://projects.theforeman.org/issues/14931 http://theforeman.org/security.html#2016-3728 http://www.openwall.com/lists/oss-security/2016/05/19/2 https://access.redhat.com/errata/RHBA-2016:1501 https://github.com/theforeman/smart-proxy/commit/eef532aa668d656b9d61d9c6edf7c2505f3f43c7 • CWE-284: Improper Access Control •
CVE-2015-7518 – foreman: Stored XSS vulnerability in smart class parameters/variables
https://notcve.org/view.php?id=CVE-2015-7518
Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms. Múltiples vulnerabilidades de XSS en popups de información en Foreman en versiones anteriores a 1.10.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) parámetros globales, (2) parámetros de clase inteligente o (3) variables inteligentes en formularios de edición (a) host o (b) hostgroup. A stored cross-site scripting (XSS) flaw was found in the smart class parameters/variables field. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data. • http://projects.theforeman.org/issues/12611 http://theforeman.org/security.html#2015-7518 http://www.openwall.com/lists/oss-security/2015/12/09/6 https://access.redhat.com/errata/RHSA-2016:0174 https://access.redhat.com/security/cve/CVE-2015-7518 https://bugzilla.redhat.com/show_bug.cgi?id=1285728 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-5233 – foreman: reports show/destroy not restricted by host authorization
https://notcve.org/view.php?id=CVE-2015-5233
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs. Foreman en versiones anteriores a 1.8.4 y 1.9.x en versiones anteriores a 1.9.1 no aplica correctamente los permisos view_hosts, lo que permite (1) a usuarios remotos autenticados con el permiso view_reports leer informes desde hosts arbitrarios o (2) a usuarios remotos autenticados con el permiso destroy_reports borrar informes desde hosts arbitrarios a través del acceso directo a (a) las páginas show/delete del informe individual o (b) APIs. A flaw was discovered where Satellite failed to properly enforce permissions on the show and delete actions for reports. An authenticated user with show or delete report permissions could use this flaw to view or delete any reports held in Foreman. • http://projects.theforeman.org/issues/11579 http://theforeman.org/security.html#CVE-2015-5233:reportsshow/destroynotrestrictedbyhostauthorization https://access.redhat.com/errata/RHSA-2015:2622 https://access.redhat.com/security/cve/CVE-2015-5233 https://bugzilla.redhat.com/show_bug.cgi?id=1262443 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVE-2015-1844 – foreman: API not scoping resources to taxonomies
https://notcve.org/view.php?id=CVE-2015-1844
Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API. Vulnerabilidad en Foreman en versiones anteriores a 1.7.5, permite a usuarios remotos autenticados eludir las restricciones de organización y localización conectándose a través de la API REST. A flaw was found in the way foreman authorized user actions on resources via the API when an organization was not explicitly set. A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access. • http://projects.theforeman.org/issues/9947 https://access.redhat.com/errata/RHSA-2015:1591 https://access.redhat.com/errata/RHSA-2015:1592 https://github.com/theforeman/foreman/pull/2273 https://groups.google.com/forum/#%21topic/foreman-announce/37KYWhIk4FY https://groups.google.com/forum/#%21topic/foreman-users/qAGZh5n6n6M https://access.redhat.com/security/cve/CVE-2015-1844 https://bugzilla.redhat.com/show_bug.cgi?id=1207589 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-264: Permissions, Privileges, and Access Controls •