Vulnerabilities > Theforeman > Foreman > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-12 | CVE-2024-7700 | Command Injection vulnerability in Theforeman Foreman A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. | 6.5 |
| 2023-10-03 | CVE-2023-4886 | A sensitive information exposure vulnerability was found in foreman. | 4.4 |
| 2022-08-16 | CVE-2020-10710 | Insufficiently Protected Credentials vulnerability in Theforeman Foreman A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. | 4.4 |
| 2021-06-03 | CVE-2021-3469 | Incorrect Authorization vulnerability in Theforeman Foreman Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. | 5.4 |
| 2021-04-26 | CVE-2021-3494 | Unspecified vulnerability in Theforeman Foreman A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. | 5.9 |
| 2019-12-11 | CVE-2014-0091 | Improper Input Validation vulnerability in Theforeman Foreman Foreman has improper input validation which could lead to partial Denial of Service | 5.3 |
| 2019-04-09 | CVE-2019-3893 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. | 4.9 |
| 2018-12-07 | CVE-2018-16861 | Cross-site Scripting vulnerability in Theforeman Foreman A cross-site scripting (XSS) flaw was found in the foreman component of satellite. | 4.8 |
| 2018-10-12 | CVE-2018-14664 | Cross-site Scripting vulnerability in Theforeman Foreman 1.18.0 A flaw was found in foreman from versions 1.18. | 5.4 |
| 2018-09-10 | CVE-2016-7078 | Information Exposure vulnerability in Theforeman Foreman 1.15.0 foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. | 4.3 |