Page 9 of 53 results (0.006 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. La API clasificador de nodos externos (ENC) en Foreman anterior a 1.1 permite a atacantes remotos obtener contraseñas root en hash a través de una solicitud API. • http://projects.theforeman.org/issues/2069 http://theforeman.org/security.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request. Foreman anterior a 1.1 permite a usuarios remotos autenticados ganar privilegios a través de una solicitud (1) XMLHttpRequest o (2) AJAX. • http://theforeman.org/security.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 1

Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof." Foreman 1.4.0 anterior a 1.5.0 no restringe debidamente acceso a la provisión de vistas preliminares de plantillas, lo que permite a atacantes remotos obtener información sensible a través del parámetro hostname, relacionado con 'falsificar.' • http://projects.theforeman.org/issues/5436 http://theforeman.org/security.html https://bugzilla.redhat.com/show_bug.cgi?id=1092354 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack. Foreman anterior a 1.1 utiliza un salt de 'foreman' para crear hashes de contraseñas root, lo que facilita a atacantes adivinar la contraseña a través de un ataque de fuerza bruta. • http://projects.theforeman.org/issues/2069 http://theforeman.org/security.html • CWE-310: Cryptographic Issues •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands. La API de ejecución de Smart Proxy Puppet en Foreman anterior a 1.2.0 permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores relacionados con escaparse y comandos Puppet. • http://theforeman.org/security.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •