Vulnerabilities > Theforeman

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2019-12-13 | CVE-2014-0241 | Insufficiently Protected Credentials vulnerability in multiple products | rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | local, low complexity, theforeman redhat CWE-522 | 2.1 |
| 2019-12-11 | CVE-2014-0091 | Improper Input Validation vulnerability in Theforeman Foreman | Foreman has improper input validation which could lead to partial Denial of Service | network, low complexity, theforeman CWE-20 | 5.0 |
| 2019-12-10 | CVE-2013-4120 | Resource Exhaustion vulnerability in Theforeman Katello | Katello has a Denial of Service vulnerability in API OAuth authentication | network, low complexity, theforeman CWE-400 | 5.0 |
| 2019-12-05 | CVE-2013-0283 | Cross-Site Scripting vulnerability in Theforeman Katello | Katello: Username in Notification page has cross site scripting | network, theforeman CWE-79 | 3.5 |
| 2019-12-03 | CVE-2013-2101 | Cross-Site Scripting vulnerability in multiple products | Katello has multiple XSS issues in various entities | | 3.5 |
| 2019-11-25 | CVE-2019-14825 | Cleartext Transmission of Sensitive Information vulnerability in Theforeman Katello | A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. | network, low complexity, theforeman CWE-319 | 4.0 |
| 2019-08-01 | CVE-2014-8183 | Improper Access Control vulnerability in multiple products | It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. | network, low complexity, theforeman redhat CWE-284 | 6.5 |
| 2019-07-31 | CVE-2019-10198 | Improper Authentication vulnerability in Theforeman Foreman-Tasks | An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. | network, low complexity, theforeman CWE-287 | 4.0 |
| 2019-04-09 | CVE-2019-3893 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. | network, low complexity, theforeman redhat CWE-732 | 4.0 |
| 2019-01-13 | CVE-2018-16887 | Cross-Site Scripting vulnerability in multiple products | A cross-site scripting (XSS) flaw was found in the katello component of Satellite. | | 3.5 |