Vulnerabilities in The Foreman Project
8 results

CVE-2016-8613 | MEDIUM | EPSS 2.4%
A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submit

CVE-2019-3893 | MEDIUM | EPSS 1.9%
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the

CVE-2019-10198 | MEDIUM | EPSS 1.6%
An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_re

CVE-2018-14623 | MEDIUM | EPSS 1.4%
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed S

CVE-2016-8639 | MEDIUM | EPSS 1.2%
It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker wit

CVE-2016-8634 | MEDIUM | EPSS 1.1%
A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second

CVE-2017-2662 | MEDIUM | EPSS 0.9%
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filte

CVE-2018-16861 | HIGH | EPSS 0.9%
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Ho