Theforeman

Foreman

80 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.12%
  • Veröffentlicht 08.05.2014 14:29:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack.

  • EPSS 1.08%
  • Veröffentlicht 08.05.2014 14:29:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.

  • EPSS 1.85%
  • Veröffentlicht 08.05.2014 14:29:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands.

  • EPSS 2.14%
  • Veröffentlicht 04.04.2014 14:55:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.

Exploit
  • EPSS 1.89%
  • Veröffentlicht 27.03.2014 16:55:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.

  • EPSS 1.24%
  • Veröffentlicht 20.11.2013 14:12:21
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.

  • EPSS 2.4%
  • Veröffentlicht 16.09.2013 19:14:38
  • Zuletzt bearbeitet 29.04.2026 01:13:23

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.

  • EPSS 2.41%
  • Veröffentlicht 16.09.2013 19:14:38
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.

  • EPSS 20.93%
  • Veröffentlicht 31.07.2013 13:20:25
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role...

Exploit
  • EPSS 24.78%
  • Veröffentlicht 31.07.2013 13:20:25
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.