- EPSS 1.12%
- Veröffentlicht 08.05.2014 14:29:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack.
CVE-2013-0187
- EPSS 1.08%
- Veröffentlicht 08.05.2014 14:29:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.
CVE-2013-0210
- EPSS 1.85%
- Veröffentlicht 08.05.2014 14:29:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands.
CVE-2012-5648
- EPSS 2.14%
- Veröffentlicht 04.04.2014 14:55:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.
CVE-2014-0089
- EPSS 1.89%
- Veröffentlicht 27.03.2014 16:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.
CVE-2013-4386
- EPSS 1.24%
- Veröffentlicht 20.11.2013 14:12:21
- Zuletzt bearbeitet 29.04.2026 01:13:23
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.
CVE-2013-4182
- EPSS 2.4%
- Veröffentlicht 16.09.2013 19:14:38
- Zuletzt bearbeitet 29.04.2026 01:13:23
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.
- EPSS 2.41%
- Veröffentlicht 16.09.2013 19:14:38
- Zuletzt bearbeitet 29.04.2026 01:13:23
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
- EPSS 20.93%
- Veröffentlicht 31.07.2013 13:20:25
- Zuletzt bearbeitet 29.04.2026 01:13:23
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role...
- EPSS 24.78%
- Veröffentlicht 31.07.2013 13:20:25
- Zuletzt bearbeitet 29.04.2026 01:13:23
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.