CVE-2026-5138
- EPSS 0.23%
- Veröffentlicht 01.07.2026 14:08:43
- Zuletzt bearbeitet 09.07.2026 02:38:49
A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and...
CVE-2026-5135
- EPSS 0.24%
- Veröffentlicht 01.07.2026 14:08:39
- Zuletzt bearbeitet 09.07.2026 02:39:11
A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nes...
CVE-2026-5142
- EPSS 0.25%
- Veröffentlicht 01.07.2026 14:07:55
- Zuletzt bearbeitet 09.07.2026 02:38:36
A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability lea...
CVE-2026-5136
- EPSS 0.3%
- Veröffentlicht 01.07.2026 13:28:00
- Zuletzt bearbeitet 09.07.2026 02:39:36
A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, includi...
CVE-2026-13316
- EPSS 0.11%
- Veröffentlicht 30.06.2026 09:53:03
- Zuletzt bearbeitet 06.07.2026 17:29:58
A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component.
CVE-2026-9073
- EPSS 0.15%
- Veröffentlicht 23.06.2026 19:53:15
- Zuletzt bearbeitet 06.07.2026 17:49:24
A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an ...
CVE-2026-12112
- EPSS 0.15%
- Veröffentlicht 23.06.2026 19:40:51
- Zuletzt bearbeitet 01.07.2026 18:09:00
A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non...
CVE-2025-9572
- EPSS 0.35%
- Veröffentlicht 27.02.2026 07:28:44
- Zuletzt bearbeitet 24.03.2026 12:16:12
n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leadi...
- EPSS 0.57%
- Veröffentlicht 05.11.2025 07:32:14
- Zuletzt bearbeitet 15.04.2026 00:35:42
A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validatio...
CVE-2024-8553
- EPSS 0.44%
- Veröffentlicht 31.10.2024 15:15:17
- Zuletzt bearbeitet 15.04.2026 00:35:42
A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in ...