Theforeman Foreman vulnerabilities
65 known vulnerabilities affecting theforeman/foreman.
Total CVEs: 65
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 18, MEDIUM 44, LOW 1
Vulnerabilities
Page 4 of 4
CVE-2014-0089 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v1.4.0, v1.4.1 | 2014-03-27
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.
Source: NVD
CVE-2014-3491 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 1.4.4, v1.4.0, +4 more | 2014-07-01
Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page, related to create, update, and destroy notification boxes.
Source: NVD
CVE-2023-4886 | P4 | MEDIUM | CVSS 4.4 | CWE-200 | fixed in 3.8.0 | 2023-10-03
A sensitive information exposure vulnerability was found in Foreman. Contents of Tomcat's server.xml file, which contain passwords to Candlepin's keystore and truststore, were found to be world readable.
Source: NVD
CVE-2014-3492 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 1.4.4, v1.4.0, +4 more | 2014-07-01
Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 allow remote attackers to inject arbitrary web script or HTML via a parameter (1) name or (2) value related to the host.
Source: NVD
CVE-2012-5477 | P4 | LOW | CVSS 3.6 | CWE-264 | ≤ 1.0 | 2014-05-08
The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.
Source: NVD