Vulnerabilities > Theforeman > Foreman > 1.18.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-03 | CVE-2023-4886 | A sensitive information exposure vulnerability was found in foreman. | 4.4 |
| 2023-09-20 | CVE-2023-0462 | Code Injection vulnerability in multiple products An arbitrary code execution flaw was found in Foreman. | 9.1 |
| 2022-08-16 | CVE-2020-10710 | Insufficiently Protected Credentials vulnerability in Theforeman Foreman A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. | 4.4 |
| 2021-12-23 | CVE-2021-3584 | OS Command Injection vulnerability in multiple products A server side remote code execution vulnerability was found in Foreman project. | 9.0 |
| 2021-06-03 | CVE-2021-3469 | Incorrect Authorization vulnerability in Theforeman Foreman Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. | 3.5 |
| 2021-04-26 | CVE-2021-3494 | Cleartext Transmission of Sensitive Information vulnerability in Theforeman Foreman A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. | 4.3 |
| 2018-12-07 | CVE-2018-16861 | Cross-site Scripting vulnerability in Theforeman Foreman A cross-site scripting (XSS) flaw was found in the foreman component of satellite. | 3.5 |
| 2018-10-12 | CVE-2018-14664 | Cross-site Scripting vulnerability in Theforeman Foreman 1.18.0 A flaw was found in foreman from versions 1.18. | 3.5 |