Theforeman Foreman vulnerabilities

CVE-2015-5233 [MEDIUM] CWE-264 CVE-2015-5233: Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allo Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual

CVE-2015-7518 [MEDIUM] CWE-79 CVE-2015-7518: Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 a Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms.

CVE-2015-1816 [MEDIUM] CWE-310 CVE-2015-1816: Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-m Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate.

CVE-2015-3235 [MEDIUM] CWE-264 CVE-2015-3235: Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit admini Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.

CVE-2015-3155 [MEDIUM] CWE-284 CVE-2015-3155: Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, wh Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CVE-2015-1844 [MEDIUM] CWE-264 CVE-2015-1844: Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restricti Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API.

CVE-2014-3653 [MEDIUM] CWE-79 CVE-2014-3653: Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 al Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.

CVE-2014-3691 [HIGH] CWE-310 CVE-2014-3691: Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.

CVE-2014-3492 [MEDIUM] CWE-79 CVE-2014-3492: Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 an Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 allow remote attackers to inject arbitrary web script or HTML via a parameter (1) name or (2) value related to the host.

CVE-2014-3491 [MEDIUM] CWE-79 CVE-2014-3491: Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remot Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page, related to create, update, and destroy notification boxes.

CVE-2014-0007 [HIGH] CVE-2014-0007: The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute ar The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.

CVE-2014-4507 [MEDIUM] CWE-22 CVE-2014-4507: Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allo Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.

CVE-2013-0210 [HIGH] CWE-94 CVE-2013-0210: The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands.

CVE-2013-0171 [HIGH] CWE-94 CVE-2013-0171: Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to th Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API.

CVE-2013-0187 [MEDIUM] CWE-264 CVE-2013-0187: Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.

CVE-2014-0192 [MEDIUM] CWE-264 CVE-2014-0192: Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, whic Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof."

CVE-2013-0173 [MEDIUM] CWE-310 CVE-2013-0173: Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attack Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack.

CVE-2013-0174 [MEDIUM] CWE-200 CVE-2013-0174: The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the h The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request.

CVE-2014-0090 [MEDIUM] CWE-287 CVE-2014-0090: Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web session Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.

CVE-2012-5477 [LOW] CWE-264 CVE-2012-5477: The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify file The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.