Known Vulnerabilities for Foreman by Theforeman
Listed below are 10 of the newest known vulnerabilities associated with "Foreman" by "Theforeman".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data), as well as a keyword search, so that the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-20260 | A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local... | 7.8 - HIGH | 2022-08-26 | 2022-09-01 |
| CVE-2021-3590 | A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password throug... | 8.8 - HIGH | 2022-08-22 | 2022-08-26 |
| CVE-2021-3584 | A server side remote code execution vulnerability was found in Foreman project. An authenticated attacker could use Sendmail c... | 7.2 - HIGH | 2021-12-23 | 2022-01-05 |
| CVE-2021-3494 | A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man... | 5.9 - MEDIUM | 2021-04-26 | 2021-05-04 |
| CVE-2021-3469 | Foreman versions before 2.3.4 and before 2.4.0 are affected by an improper authorization handling flaw. An authenticated attac... | 5.4 - MEDIUM | 2021-06-03 | 2021-06-10 |
| CVE-2020-10710 | A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-i... | 4.4 - MEDIUM | 2022-08-16 | 2022-12-08 |
| CVE-2019-3893 | In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the dis... | 4.9 - MEDIUM | 2019-04-09 | 2022-11-30 |
| CVE-2018-14643 | An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use th... | 9.8 - CRITICAL | 2018-09-21 | 2023-02-12 |
| CVE-2018-1097 | A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on an... | 8.8 - HIGH | 2018-04-04 | 2023-02-13 |
| CVE-2018-1096 | An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use t... | 6.5 - MEDIUM | 2018-04-05 | 2019-10-09 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Theforeman | Foreman | 1.9.3 | All | All | All |
| Application | Theforeman | Foreman | 1.9.2 | All | All | All |
| Application | Theforeman | Foreman | 1.9.1 | All | All | All |
| Application | Theforeman | Foreman | 1.9.0 | All | All | All |
| Application | Theforeman | Foreman | 1.8.4 | All | All | All |
| Application | Theforeman | Foreman | 1.8.3 | All | All | All |
| Application | Theforeman | Foreman | 1.8.2 | All | All | All |
| Application | Theforeman | Foreman | 1.8.1 | All | All | All |
| Application | Theforeman | Foreman | 1.8.0 | All | All | All |
| Application | Theforeman | Foreman | 1.7.5 | All | All | All |
| Application | Theforeman | Foreman | 1.7.4 | All | All | All |
| Application | Theforeman | Foreman | 1.7.3 | All | All | All |
| Application | Theforeman | Foreman | 1.7.2 | All | All | All |
| Application | Theforeman | Foreman | 1.7.1 | All | All | All |
| Application | Theforeman | Foreman | 1.7.0 | All | All | All |
| Application | Theforeman | Foreman | 1.6.3 | All | All | All |
| Application | Theforeman | Foreman | 1.6.1 | All | All | All |
| Application | Theforeman | Foreman | 1.6.0 | All | All | All |
| Application | Theforeman | Foreman | 1.5.3 | All | All | All |
| Application | Theforeman | Foreman | 1.5.2 | All | All | All |