CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4812 – Katello: potential cross-site scripting exploit in ui
https://notcve.org/view.php?id=CVE-2024-4812
05 Jun 2024 — A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections. Se encontró una falla en el complemento Katello para Foreman, donde es posible almacenar código JavaScript malicioso en el campo "Descripción" de un usuario. Este código se puede ejecutar al abrir determinadas páginas, por ejemplo, Colecciones de hosts. • https://access.redhat.com/security/cve/CVE-2024-4812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3716 – Foreman-installer: candlepin database password being leaked to local users via the process list
https://notcve.org/view.php?id=CVE-2024-3716
05 Jun 2024 — A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password. Se encontró una falla en Foreman-installer cuando se invoca a Puppet-candlepin cpdb con el parámetro --password. Este problema filtra la contraseña en la lista de procesos y permite que un atacante aproveche y obtenga la contraseña. • https://access.redhat.com/security/cve/CVE-2024-3716 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4320 – Satellite: arithmetic overflow in satellite
https://notcve.org/view.php?id=CVE-2023-4320
18 Dec 2023 — An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity. Se encontró una falla de desbordamiento aritmético en Satellite al crear un nuevo token de acceso personal. Esta falla permite a un atacante que utiliza este desbordamiento aritmético crear tokens de acceso personal que son válidos indefinidament... • https://access.redhat.com/errata/RHSA-2024:2010 • CWE-613: Insufficient Session Expiration •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-5189 – Hub: insecure galaxy-importer tarfile extraction
https://notcve.org/view.php?id=CVE-2023-5189
14 Nov 2023 — A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten. Existe una vulnerabilidad de path traversal en Ansible al extraer archivos comprimidos. Un atacante podría crear un tarball malicioso para que, al utilizar el importador galaxy de Ansible Automation Hub, se pueda colocar un enlace simbólico en el di... • https://access.redhat.com/errata/RHSA-2023:7773 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1832 – Improper authorization check in the server component
https://notcve.org/view.php?id=CVE-2023-1832
04 Oct 2023 — An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant. Se encontró una falla de control de acceso inadecuado en Candlepin. Un atacante puede crear datos pertenecientes a otro customer/tenant, lo que puede provocar una pérdida de confidencialidad y disponibilidad para el customer/tenant afectado. • https://access.redhat.com/security/cve/CVE-2023-1832 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4886 – Foreman: world readable file containing secrets
https://notcve.org/view.php?id=CVE-2023-4886
03 Oct 2023 — A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable. Se encontró una vulnerabilidad de exposición de información confidencial en Foreman. Se descubrió que el contenido del archivo server.xml de Tomcat, que contiene contraseñas para el almacén de claves y el almacén de confianza de Candlepin, es legible en todo el mundo. Updated Satellite 6.14 packages that fi... • https://access.redhat.com/errata/RHSA-2023:7851 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3874 – Os command injection via ct_command and fcct_command
https://notcve.org/view.php?id=CVE-2022-3874
22 Sep 2023 — A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system. Se encontró falla en inyección de comando en capataz. Esta falla permite a un usuario autenticado con privilegios de administrador en la instancia de foreman transpilar comandos a través de configuraciones de C... • https://access.redhat.com/security/cve/CVE-2022-3874 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0118 – Foreman: arbitrary code execution through templates
https://notcve.org/view.php?id=CVE-2023-0118
04 Aug 2023 — An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system. Se encontró una falla en la ejecución de código arbitrario en Foreman. Esta falla permite a un usuario administrador omitir el modo seguro en las plantillas y ejecutar código arbitrario en el sistema operativo subyacente. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their ... • https://access.redhat.com/errata/RHSA-2023:4466 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0119 – Foreman: stored cross-site scripting in host tab
https://notcve.org/view.php?id=CVE-2023-0119
01 Jun 2023 — A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials. Se encontró una vulnerabilidad de Cross-Site Scripting almacenada en foreman. La sección Comment en la pestaña Hosts tiene un filtrado incorrecto de los datos de entrada del usuario. • https://access.redhat.com/errata/RHSA-2023:3387 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •