CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-2100
https://notcve.org/view.php?id=CVE-2016-2100
Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission. Foreman en versiones anteriores a 1.10.3 y 1.11.0 en versiones anteriores a 1.11.0-RC2 permite a usuarios remotos autenticados leer, modificar o borrar marcadores privados aprovechando el permiso (1) edit_bookmarks o (2) destroy_bookmarks. • http://projects.theforeman.org/issues/13828 http://theforeman.org/security.html#2016-2100 http://www.openwall.com/lists/oss-security/2016/03/31/2 https://access.redhat.com/errata/RHBA-2016:1500 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 3%CPEs: 6EXPL: 0CVE-2016-3728
https://notcve.org/view.php?id=CVE-2016-3728
Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/. Vulnerabilidad en la inyección Eval en tftp_api.rb en el módulo TFTP en el Smart-Proxy en Foreman en versiones anteriores 1.10.4 y 1.11.x en versiones anteriores a 1.11.2 permite a atacantes remotos ejecutar un código arbitrario a través de la plantilla de porción tipo del PATH_INFO para tftp/. • http://projects.theforeman.org/issues/14931 http://theforeman.org/security.html#2016-3728 http://www.openwall.com/lists/oss-security/2016/05/19/2 https://access.redhat.com/errata/RHBA-2016:1501 https://github.com/theforeman/smart-proxy/commit/eef532aa668d656b9d61d9c6edf7c2505f3f43c7 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7518 – foreman: Stored XSS vulnerability in smart class parameters/variables
https://notcve.org/view.php?id=CVE-2015-7518
Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms. Múltiples vulnerabilidades de XSS en popups de información en Foreman en versiones anteriores a 1.10.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) parámetros globales, (2) parámetros de clase inteligente o (3) variables inteligentes en formularios de edición (a) host o (b) hostgroup. A stored cross-site scripting (XSS) flaw was found in the smart class parameters/variables field. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data. • http://projects.theforeman.org/issues/12611 http://theforeman.org/security.html#2015-7518 http://www.openwall.com/lists/oss-security/2015/12/09/6 https://access.redhat.com/errata/RHSA-2016:0174 https://access.redhat.com/security/cve/CVE-2015-7518 https://bugzilla.redhat.com/show_bug.cgi?id=1285728 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5233 – foreman: reports show/destroy not restricted by host authorization
https://notcve.org/view.php?id=CVE-2015-5233
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs. Foreman en versiones anteriores a 1.8.4 y 1.9.x en versiones anteriores a 1.9.1 no aplica correctamente los permisos view_hosts, lo que permite (1) a usuarios remotos autenticados con el permiso view_reports leer informes desde hosts arbitrarios o (2) a usuarios remotos autenticados con el permiso destroy_reports borrar informes desde hosts arbitrarios a través del acceso directo a (a) las páginas show/delete del informe individual o (b) APIs. A flaw was discovered where Satellite failed to properly enforce permissions on the show and delete actions for reports. An authenticated user with show or delete report permissions could use this flaw to view or delete any reports held in Foreman. • http://projects.theforeman.org/issues/11579 http://theforeman.org/security.html#CVE-2015-5233:reportsshow/destroynotrestrictedbyhostauthorization https://access.redhat.com/errata/RHSA-2015:2622 https://access.redhat.com/security/cve/CVE-2015-5233 https://bugzilla.redhat.com/show_bug.cgi?id=1262443 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3235 – foreman: edit_users permission allows changing of admin passwords
https://notcve.org/view.php?id=CVE-2015-3235
Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors. Vulnerabilidad en Foreman en versiones anteriores a 1.9.0, permite a usuarios remotos autenticados con el permiso edit_users editar a usuarios administradores y cambiar sus contraseñas a través de vectores no especificados. It was discovered that in Foreman the edit_users permissions (for example, granted to the Manager role) allowed the user to edit admin user passwords. An attacker with the edit_users permissions could use this flaw to access an admin user account, leading to an escalation of privileges. • http://projects.theforeman.org/issues/10829 http://theforeman.org/manuals/1.9/index.html#Releasenotesfor1.9 https://access.redhat.com/errata/RHSA-2015:1591 https://access.redhat.com/errata/RHSA-2015:1592 https://bugzilla.redhat.com/show_bug.cgi?id=1232366 https://access.redhat.com/security/cve/CVE-2015-3235 • CWE-264: Permissions, Privileges, and Access Controls CWE-266: Incorrect Privilege Assignment •