CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4886 – Foreman: world readable file containing secrets
https://notcve.org/view.php?id=CVE-2023-4886
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable. Se encontró una vulnerabilidad de exposición de información confidencial en Foreman. Se descubrió que el contenido del archivo server.xml de Tomcat, que contiene contraseñas para el almacén de claves y el almacén de confianza de Candlepin, es legible en todo el mundo. • https://access.redhat.com/errata/RHSA-2023:7851 https://access.redhat.com/errata/RHSA-2024:1061 https://access.redhat.com/security/cve/CVE-2023-4886 https://bugzilla.redhat.com/show_bug.cgi?id=2230135 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0462 – Arbitrary code execution through yaml global parameters
https://notcve.org/view.php?id=CVE-2023-0462
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload. Se encontró una falla en la ejecución de código arbitrario en Foreman. Este problema puede permitir que un usuario administrador ejecute código arbitrario en el sistema operativo subyacente estableciendo parámetros globales con un payload YAML. • https://access.redhat.com/security/cve/CVE-2023-0462 https://bugzilla.redhat.com/show_bug.cgi?id=2162970 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10710
https://notcve.org/view.php?id=CVE-2020-10710
A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password. Se ha detectado un fallo en el que es divulgada la contraseña Plaintext Candlepin al actualizar Red Hat Satellite mediante del instalador de satélites. Este fallo permite a un atacante con privilegios suficientemente altos, como root, recuperar la contraseña de texto plano de Candlepin. • https://bugzilla.redhat.com/show_bug.cgi?id=1816747 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3584 – foreman: Authenticate remote code execution through Sendmail configuration
https://notcve.org/view.php?id=CVE-2021-3584
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0. Se encontró una vulnerabilidad de ejecución de código remota del lado del servidor Foreman project. • https://bugzilla.redhat.com/show_bug.cgi?id=1968439 https://github.com/theforeman/foreman/pull/8599 https://projects.theforeman.org/issues/32753 https://access.redhat.com/security/cve/CVE-2021-3584 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3469
https://notcve.org/view.php?id=CVE-2021-3469
Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternative names (SANs). Foreman do not enable SANs by default and `allow-authorization-extensions` is set to `false` unless user change `/etc/puppetlabs/puppetserver/conf.d/ca.conf` configuration explicitly. Foreman versiones anteriores a 2.3.4 y versiones anteriores a 2.4.0, están afectadas por un fallo en el manejo de la autorización. Un atacante autenticado puede hacerse pasar por el foreman-proxy si el producto permite que la autoridad de certificados (CA) de Puppet firme peticiones de certificados que tengan nombres alternativos de sujeto (SAN). • https://bugzilla.redhat.com/show_bug.cgi?id=1943630 • CWE-863: Incorrect Authorization •