
Theforeman Foreman vulnerabilities

65 known vulnerabilities affecting theforeman/foreman.

Total CVEs: 65
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 18, MEDIUM 44, LOW 1

Vulnerabilities

Page 2 of 4
CVE-2025-9572 | P3 | MEDIUM | CVSS 6.5 | ≥ 1.22.0, < 3.16.2 | 2026-02-27
CVE-2025-9572 [MEDIUM] CWE-863: An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.
nvd
CVE-2014-8183 | P3 | HIGH | CVSS 7.4 | ≥ 1.0, < 1.15.6 | v1.x.x before 1.15.6 | 2019-08-01
CVE-2014-8183 [HIGH] CWE-284: It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
nvd
CVE-2015-5152 | P3 | HIGH | CVSS 8.1 | v1.1-1 | v1.2.0 | +28 more | 2017-07-17
CVE-2015-5152 [HIGH] CWE-200: Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.
nvd
CVE-2018-1096 | P3 | MEDIUM | CVSS 6.5 | fixed in 1.16.1 | 2018-04-05
CVE-2018-1096 [MEDIUM] CWE-89: An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.
nvd
CVE-2014-4507 | P3 | MEDIUM | CVSS 6.4 | ≤ 1.4.4 | v1.4.0 | +4 more | 2014-06-20
CVE-2014-4507 [MEDIUM] CWE-22: Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.
nvd
CVE-2013-0174 | P4 | MEDIUM | CVSS 5.0 | ≤ 1.0 | 2014-05-08
CVE-2013-0174 [MEDIUM] CWE-200: The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request.
nvd
CVE-2013-0187 | P4 | MEDIUM | CVSS 6.5 | ≤ 1.0 | 2014-05-08
CVE-2013-0187 [MEDIUM] CWE-264: Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.
nvd
CVE-2021-3494 | P4 | MEDIUM | CVSS 5.9 | fixed in 2.5.0 | foreman 2.5.0 | 2021-04-26
CVE-2021-3494 [MEDIUM] CWE-319: A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this fl
nvd
CVE-2016-5390 | P4 | MEDIUM | CVSS 5.3 | ≥ 1.11.0, < 1.11.4 | ≥ 1.12.0, < 1.12.1 | 2016-08-19
CVE-2016-5390 [MEDIUM] CWE-200: Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces.
nvd
CVE-2016-8613 | P4 | MEDIUM | CVSS 6.1 | v1.5.1 | 2018-07-31
CVE-2016-8613 [MEDIUM] CWE-79: A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS v
nvd
CVE-2016-4451 | P4 | MEDIUM | CVSS 5.0 | ≤ 1.11.2 | v1.12.0 | 2016-08-19
CVE-2016-4451 [MEDIUM] CWE-254: The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.
nvd
CVE-2015-3235 | P4 | MEDIUM | CVSS 6.0 | ≤ 1.8.2 | 2015-08-14
CVE-2015-3235 [MEDIUM] CWE-264: Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.
nvd
CVE-2019-3893 | P4 | MEDIUM | CVSS 4.9 | ≥ 1.20.0, < 1.20.3 | ≥ 1.21.0, < 1.21.1 | 2019-04-09
CVE-2019-3893 [MEDIUM] CWE-732: In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by foreman. Versions b
nvd
CVE-2016-2100 | P4 | MEDIUM | CVSS 5.4 | ≤ 1.10.2 | v1.11.0 | 2016-05-20
CVE-2016-2100 [MEDIUM] CWE-284: Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.
nvd
CVE-2016-8639 | P4 | MEDIUM | CVSS 5.4 | fixed in 1.13.0 | 2018-08-01
CVE-2016-8639 [MEDIUM] CWE-79: It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.
nvd
CVE-2014-0090 | P4 | MEDIUM | CVSS 6.8 | ≤ 1.4.1 | v1.0 | +6 more | 2014-05-08
CVE-2014-0090 [MEDIUM] CWE-287: Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.
nvd
CVE-2016-6319 | P4 | MEDIUM | CVSS 6.1 | ≤ 1.12.1 | 2016-08-19
CVE-2016-6319 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.
nvd
CVE-2016-4995 | P4 | MEDIUM | CVSS 5.3 | ≥ 1.11.0, < 1.11.4 | ≥ 1.12.0, < 1.12.1 | 2016-08-19
CVE-2016-4995 [MEDIUM] CWE-200: Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.
nvd
CVE-2021-3469 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.3.4 | foreman 2.3.4, foreman 2.4.0 | 2021-06-03
CVE-2021-3469 [MEDIUM] CWE-863: Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternative names (SANs). Foreman do not enable SANs by default and `allow-authorizatio
nvd
CVE-2017-7535 | P4 | MEDIUM | CVSS 6.1 | fixed in 1.16.0 | 2018-07-26
CVE-2017-7535 [MEDIUM] CWE-79: foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action.
nvd