Vulnerabilities > Theforeman
| Date | CVE | Vulnerability | Description | Score |
|---|---|---|---|---|
| 2021-06-07 | CVE-2021-20259 | Information Exposure vulnerability in Theforeman Foremanfogproxmox | A flaw was found in the Foreman project. | 4.6 |
| 2021-06-03 | CVE-2021-3469 | Incorrect Authorization vulnerability in Theforeman Foreman | Foreman versions before 2.3.4 and before 2.4.0 are affected by an improper authorization handling flaw. | 3.5 |
| 2021-05-27 | CVE-2020-10716 | Improper Authorization vulnerability in multiple products | A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. | 4.0 |
| 2021-05-12 | CVE-2021-3457 | Incorrect Authorization vulnerability in Theforeman Smart Proxy Shell Hooks | An improper authorization handling flaw was found in Foreman. | 3.6 |
| 2021-04-26 | CVE-2021-3494 | Cleartext Transmission of Sensitive Information vulnerability in Theforeman Foreman | A smart proxy that provides a RESTful API to various sub-systems of the Foreman is affected by the flaw, which can cause a Man-in-the-Middle attack. | 4.3 |
| 2021-04-08 | CVE-2021-3413 | Information Exposure vulnerability in multiple products | A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. | 6.5 |
| 2019-12-13 | CVE-2014-0241 | Insufficiently Protected Credentials vulnerability in multiple products | rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | 2.1 |
| 2019-12-11 | CVE-2014-0091 | Improper Input Validation vulnerability in Theforeman Foreman | Foreman has improper input validation which could lead to partial Denial of Service | 5.0 |
| 2019-12-10 | CVE-2013-4120 | Resource Exhaustion vulnerability in Theforeman Katello | Katello has a Denial of Service vulnerability in API OAuth authentication | 5.0 |
| 2019-12-05 | CVE-2013-0283 | Cross-Site Scripting vulnerability in Theforeman Katello | Katello: Username in Notification page has cross site scripting | 3.5 |