threatengine.sh

Product: theforeman foreman
71 known vulnerabilities across versions, listed by affected version range. Each entry gives the CVE ID, the affected version range as recorded by the source, the CVSS base score and severity where the source lists one, and the opening of the vulnerability summary. Summaries are cut short on the source page and are reproduced here as they appear there; the version range is the source's own field and in a few entries disagrees with the summary (for example CVE-2016-7078 is marked "all versions" while its summary says before 1.15.0), so treat "all versions" as "range not recorded" rather than as a confirmed unbounded range.
CVE-2025-9572 | >= 1.22.0 and < 3.16.2 | CVSS 5.0 MEDIUM | An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Un
CVE-2024-7700 | all versions | CVSS 6.5 MEDIUM | A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field
CVE-2023-4886 | < 3.8.0 | CVSS 6.7 MEDIUM | A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords
CVE-2022-3874 | all versions | CVSS 8.0 HIGH | A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instanc
CVE-2023-0462 | < 3.8.0 | CVSS 8.0 HIGH | An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underly
CVE-2023-0118 | all versions | CVSS 9.1 CRITICAL | An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute
CVE-2021-20260 | all versions | CVSS 7.8 HIGH | A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local atta
CVE-2021-3590 | >= 1.6.0 | CVSS 8.8 HIGH | A flaw was found in the Foreman project. A credential leak was identified which will expose the Azure Compute Profile password through JSO
CVE-2020-10710 | < 1.24.1.22 | CVSS 4.4 MEDIUM | A flaw was found where the plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-instal
CVE-2021-3584 | < 2.4.1 | CVSS 7.2 HIGH | A server-side remote code execution vulnerability was found in the Foreman project. An authenticated attacker could use Sendmail config
CVE-2021-3469 | < 2.3.4 | CVSS 5.4 MEDIUM | Foreman versions before 2.3.4 and before 2.4.0 are affected by an improper authorization handling flaw. An authenticated attacker c
CVE-2021-3494 | < 2.5.0 | CVSS 5.9 MEDIUM | A smart proxy that provides a RESTful API to various sub-systems of Foreman is affected by a flaw which can cause a man-in-t
CVE-2014-0091 | all versions | CVSS 5.3 MEDIUM | Foreman has improper input validation which could lead to a partial denial of service.
CVE-2014-8183 | >= 1.0 and < 1.15.6 | CVSS 7.4 HIGH | It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resour
CVE-2019-10198 | < 0.15.7 (foreman-tasks plugin version) | CVSS 6.5 MEDIUM | An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched throu
CVE-2019-3893 | >= 1.20.0 and < 1.20.3 | CVSS 4.9 MEDIUM | In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosu
CVE-2018-16861 | < 1.18.3 | CVSS 7.6 HIGH | A cross-site scripting (XSS) flaw was found in the foreman component of Satellite. An attacker with privilege to create entries us
CVE-2018-14664 | all versions | CVSS 5.4 MEDIUM | A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HT
CVE-2018-14643 | all versions | CVSS 9.8 CRITICAL | An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this fl
CVE-2016-7078 | all versions | CVSS 4.3 MEDIUM | foreman before version 1.15.0 is vulnerable to an information leak through the organizations and locations feature. When a user is ass
CVE-2016-7077 | < 1.14.0 | CVSS 4.3 MEDIUM | foreman before 1.14.0 is vulnerable to an information leak. It was found that the Foreman form helper does not authorize options for a
CVE-2016-8639 | < 1.13.0 | CVSS 6.1 MEDIUM | It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an at
CVE-2016-8634 | all versions | CVSS 6.1 MEDIUM | A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then
CVE-2016-8613 | all versions | CVSS 6.4 MEDIUM | A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job
CVE-2017-7535 | < 1.16.0 | CVSS 6.1 MEDIUM | foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requir
CVE-2017-2672 | < 1.15 | CVSS 6.5 MEDIUM | A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the fo
CVE-2016-9593 | < 1.15.0 | CVSS 4.7 MEDIUM | foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log
CVE-2018-1096 | < 1.16.1 | CVSS 6.5 MEDIUM | An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this f
CVE-2018-1097 | < 1.16.1 | CVSS 8.8 HIGH | A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off
CVE-2017-15100 | < 1.16.0 | CVSS 6.1 MEDIUM | An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when c
CVE-2014-3531 | <= 1.5.1 | CVSS 5.4 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary w
CVE-2014-0208 | <= 1.4.3 | CVSS 5.4 MEDIUM | Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authent
CVE-2015-5246 | all versions | CVSS 8.1 HIGH | The LDAP authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via v
CVE-2015-5282 | all versions | CVSS 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
CVE-2015-5152 | all versions | CVSS 8.1 HIGH | Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which
CVE-2017-7505 | all versions | CVSS 8.8 HIGH | Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who
CVE-2016-6320 | <= 1.12.1 | CVSS 5.4 MEDIUM | Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote
CVE-2016-6319 | <= 1.12.1 | CVSS 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and p
CVE-2016-5390 | >= 1.11.0 and < 1.11.4 | CVSS 5.3 MEDIUM | Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter
CVE-2016-4995 | >= 1.11.0 and < 1.11.4 | CVSS 5.3 MEDIUM | Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows r
CVE-2016-4475 | <= 1.11.3 | CVSS 8.8 HIGH | The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticat
CVE-2016-4451 | <= 1.11.2 | CVSS 5.0 MEDIUM | The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users
CVE-2016-3728 | all versions | CVSS 8.8 HIGH | Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.
CVE-2016-2100 | <= 1.10.2 | CVSS 5.4 MEDIUM | Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks b
CVE-2015-5233 | <= 1.8.3 | CVSS 4.2 MEDIUM | Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated us
CVE-2015-7518 | <= 1.9.3 | Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to injec
CVE-2015-3235 | <= 1.8.2 | Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their
CVE-2015-3155 | <= 1.8.0 | Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote
CVE-2015-1844 | <= 1.7.4 | Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the
CVE-2015-1816 | <= 1.7.3 | Foreman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP
CVE-2014-3653 | <= 1.6.0 | Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to injec
CVE-2014-3691 | <= 1.5.3 | Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates,
CVE-2014-3492 | <= 1.4.4 | Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 allow rem
CVE-2014-3491 | <= 1.4.4 | Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrar
CVE-2014-4507 | <= 1.4.4 | Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwri
CVE-2014-0007 | <= 1.4.4 | The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell met
CVE-2014-0192 | all versions | Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to o
CVE-2014-0090 | <= 1.4.1 | Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.
CVE-2013-0210 | <= 1.0 | The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related t
CVE-2013-0187 | <= 1.0 | Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.
CVE-2013-0174 | <= 1.0 | The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API
CVE-2013-0173 | <= 1.0 | Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via
CVE-2013-0171 | <= 1.0 | Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report impor
CVE-2012-5477 | <= 1.0 | The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via un
CVE-2012-5648 | <= 1.0 | Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspec
CVE-2014-0089 | all versions | Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticate
CVE-2013-4386 | <= 1.2.2 | Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to exe
CVE-2013-4182 | <= 1.2.1 | app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote
CVE-2013-4180 | <= 1.2.1 | The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of
CVE-2013-2121 | <= 1.2.0 | Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authentica
CVE-2013-2113 | <= 1.2.0 | The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permis
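The affected-version field in this listing uses a small range grammar: a single bound such as `< 3.8.0` or `<= 1.5.1`, two bounds joined by `and` such as `>= 1.22.0 and < 3.16.2`, or the literal `all versions`. The script below is an added example, not code from this page or from the Foreman project, that parses that grammar and reports which listed CVEs match an installed Foreman version. The `ENTRIES` table is a constructed sample of seven rows copied from the listing above, not the full set; the function and variable names are the example's own. Two caveats from the listing are built in: `all versions` is treated as "range not recorded" and always reported for manual review (CVE-2016-7078 carries `all versions` here while its summary says before 1.15.0), and a range has to be read against the component its summary names (CVE-2019-10198's `< 0.15.7` is a foreman-tasks plugin version, not a Foreman core version), so the output is a triage list rather than a verdict.

```python
import re

# Constructed sample of rows from this listing: CVE ID -> affected-version
# range exactly as the page prints it. Not the complete list.
ENTRIES = {
    "CVE-2025-9572": ">= 1.22.0 and < 3.16.2",
    "CVE-2023-4886": "< 3.8.0",
    "CVE-2021-3590": ">= 1.6.0",
    "CVE-2020-10710": "< 1.24.1.22",
    "CVE-2014-8183": ">= 1.0 and < 1.15.6",
    "CVE-2014-3531": "<= 1.5.1",
    "CVE-2016-7078": "all versions",
}

# One clause: a comparison operator followed by a dotted numeric version.
# Two-character operators are listed first so ">=" is not read as ">".
_CLAUSE = re.compile(r"^(>=|<=|==|=|>|<)\s*(\d+(?:\.\d+)*)$")

# Each operator maps a three-way comparison result (-1, 0, 1) to a verdict.
_OPS = {
    ">=": lambda c: c >= 0,
    "<=": lambda c: c <= 0,
    "==": lambda c: c == 0,
    "=":  lambda c: c == 0,
    ">":  lambda c: c > 0,
    "<":  lambda c: c < 0,
}


def parse_version(text):
    """'1.24.1.22' -> (1, 24, 1, 22). Only dotted integers are accepted;
    anything else (e.g. '1.9.0-RC1') raises rather than comparing wrongly."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in text.split("."))


def compare(a, b):
    """Three-way compare of version tuples. Missing trailing parts count
    as 0, so 1.15 == 1.15.0 (the listing mixes '< 1.15' and '< 1.15.0')."""
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def parse_range(expr):
    """Return the AND-joined list of (operator, version_tuple) clauses,
    or None for 'all versions', which is treated as 'range not recorded'."""
    expr = expr.strip()
    if expr.lower() == "all versions":
        return None
    clauses = []
    for part in re.split(r"\s+and\s+", expr):
        m = _CLAUSE.match(part.strip())
        if m is None:
            raise ValueError(f"unparseable range clause: {part!r}")
        clauses.append((m.group(1), parse_version(m.group(2))))
    return clauses


def is_affected(version, expr):
    """True when `version` satisfies every clause of `expr`. An unbounded
    ('all versions') range is reported as affected so it surfaces for
    manual review instead of silently dropping out of the triage list."""
    clauses = parse_range(expr)
    if clauses is None:
        return True
    v = parse_version(version)
    return all(_OPS[op](compare(v, bound)) for op, bound in clauses)


def affecting(version, entries=ENTRIES):
    """List of (cve_id, range_or_note) for every entry that matches `version`."""
    hits = []
    for cve, expr in entries.items():
        if is_affected(version, expr):
            note = "range not recorded" if parse_range(expr) is None else expr
            hits.append((cve, note))
    return hits


if __name__ == "__main__":
    # Triage a hypothetical Foreman 3.7.0 install against the sample rows.
    for cve, note in affecting("3.7.0"):
        print(f"{cve}: {note}")
```

Against the sample rows, a 3.7.0 install matches CVE-2025-9572, CVE-2023-4886 and CVE-2021-3590 by range and CVE-2016-7078 only because its range is unrecorded; the last one needs a human to read the summary before it goes on a finding list.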
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin