Vulnerabilities > Theforeman

DATE CVE VULNERABILITY TITLE RISK
2022-03-30 CVE-2021-3456 Incorrect Authorization vulnerability in Theforeman Smart Proxy Salt
An improper authorization handling flaw was found in Foreman.
local
low complexity
theforeman CWE-863
3.6
2022-03-25 CVE-2021-20290 Incorrect Authorization vulnerability in Theforeman Openscap
An improper authorization handling flaw was found in Foreman.
local
low complexity
theforeman CWE-863
3.6
2022-03-23 CVE-2021-3589 Missing Authentication for Critical Function vulnerability in multiple products
An authorization flaw was found in Foreman Ansible.
network
low complexity
theforeman redhat CWE-306
6.5
2021-12-23 CVE-2021-3584 OS Command Injection vulnerability in multiple products
A server side remote code execution vulnerability was found in Foreman project.
network
low complexity
theforeman redhat CWE-78
critical
9.0
2021-06-07 CVE-2021-20259 Information Exposure vulnerability in Theforeman Foremanfogproxmox
A flaw was found in the Foreman project.
local
low complexity
theforeman CWE-200
4.6
2021-06-03 CVE-2021-3469 Incorrect Authorization vulnerability in Theforeman Foreman
Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw.
3.5
2021-05-27 CVE-2020-10716 Improper Authorization vulnerability in multiple products
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view.
network
low complexity
redhat theforeman CWE-285
4.0
2021-05-12 CVE-2021-3457 Incorrect Authorization vulnerability in Theforeman Smart Proxy Shell Hooks
An improper authorization handling flaw was found in Foreman.
local
low complexity
theforeman CWE-863
3.6
2021-04-26 CVE-2021-3494 Cleartext Transmission of Sensitive Information vulnerability in Theforeman Foreman
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack.
4.3
2021-04-08 CVE-2021-3413 Information Exposure vulnerability in multiple products
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0.
network
low complexity
theforeman redhat CWE-200
6.5