CVE-2016-6319 – foreman: Persistent XSS in Foreman remote execution plugin
https://notcve.org/view.php?id=CVE-2016-6319
Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter. Vulnerabilidad de XSS en app/helpers/form_helper.rb en Foreman en versiones anteriores a 1.12.2, como se utiliza en Remote Execution y posiblemente otros plugins, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro de etiqueta. It was found that foreman is vulnerable to a stored XSS via a job template with a malformed name. This could allow an attacker with privileges to set the name in a template to display arbitrary HTML including scripting code within the web interface. • http://projects.theforeman.org/issues/16019 http://projects.theforeman.org/issues/16024 http://www.securityfocus.com/bid/92429 https://access.redhat.com/errata/RHSA-2018:0336 https://bugzilla.redhat.com/show_bug.cgi?id=1365815 https://github.com/theforeman/foreman/commit/0f35fe14acf0d0d3b55e9337bc5e2b9640ff2372 https://theforeman.org/security.html#2016-6319 https://access.redhat.com/security/cve/CVE-2016-6319 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-2100
https://notcve.org/view.php?id=CVE-2016-2100
Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission. Foreman en versiones anteriores a 1.10.3 y 1.11.0 en versiones anteriores a 1.11.0-RC2 permite a usuarios remotos autenticados leer, modificar o borrar marcadores privados aprovechando el permiso (1) edit_bookmarks o (2) destroy_bookmarks. • http://projects.theforeman.org/issues/13828 http://theforeman.org/security.html#2016-2100 http://www.openwall.com/lists/oss-security/2016/03/31/2 https://access.redhat.com/errata/RHBA-2016:1500 • CWE-284: Improper Access Control •
CVE-2016-3728
https://notcve.org/view.php?id=CVE-2016-3728
Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/. Vulnerabilidad en la inyección Eval en tftp_api.rb en el módulo TFTP en el Smart-Proxy en Foreman en versiones anteriores 1.10.4 y 1.11.x en versiones anteriores a 1.11.2 permite a atacantes remotos ejecutar un código arbitrario a través de la plantilla de porción tipo del PATH_INFO para tftp/. • http://projects.theforeman.org/issues/14931 http://theforeman.org/security.html#2016-3728 http://www.openwall.com/lists/oss-security/2016/05/19/2 https://access.redhat.com/errata/RHBA-2016:1501 https://github.com/theforeman/smart-proxy/commit/eef532aa668d656b9d61d9c6edf7c2505f3f43c7 • CWE-284: Improper Access Control •
CVE-2015-7518 – foreman: Stored XSS vulnerability in smart class parameters/variables
https://notcve.org/view.php?id=CVE-2015-7518
Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms. Múltiples vulnerabilidades de XSS en popups de información en Foreman en versiones anteriores a 1.10.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) parámetros globales, (2) parámetros de clase inteligente o (3) variables inteligentes en formularios de edición (a) host o (b) hostgroup. A stored cross-site scripting (XSS) flaw was found in the smart class parameters/variables field. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data. • http://projects.theforeman.org/issues/12611 http://theforeman.org/security.html#2015-7518 http://www.openwall.com/lists/oss-security/2015/12/09/6 https://access.redhat.com/errata/RHSA-2016:0174 https://access.redhat.com/security/cve/CVE-2015-7518 https://bugzilla.redhat.com/show_bug.cgi?id=1285728 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-5233 – foreman: reports show/destroy not restricted by host authorization
https://notcve.org/view.php?id=CVE-2015-5233
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs. Foreman en versiones anteriores a 1.8.4 y 1.9.x en versiones anteriores a 1.9.1 no aplica correctamente los permisos view_hosts, lo que permite (1) a usuarios remotos autenticados con el permiso view_reports leer informes desde hosts arbitrarios o (2) a usuarios remotos autenticados con el permiso destroy_reports borrar informes desde hosts arbitrarios a través del acceso directo a (a) las páginas show/delete del informe individual o (b) APIs. A flaw was discovered where Satellite failed to properly enforce permissions on the show and delete actions for reports. An authenticated user with show or delete report permissions could use this flaw to view or delete any reports held in Foreman. • http://projects.theforeman.org/issues/11579 http://theforeman.org/security.html#CVE-2015-5233:reportsshow/destroynotrestrictedbyhostauthorization https://access.redhat.com/errata/RHSA-2015:2622 https://access.redhat.com/security/cve/CVE-2015-5233 https://bugzilla.redhat.com/show_bug.cgi?id=1262443 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •