Vulnerabilities > Theforeman > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-30 | CVE-2021-3456 | Incorrect Authorization vulnerability in Theforeman Smart Proxy Salt An improper authorization handling flaw was found in Foreman. | 3.6 |
| 2022-03-25 | CVE-2021-20290 | Incorrect Authorization vulnerability in Theforeman Openscap An improper authorization handling flaw was found in Foreman. | 3.6 |
| 2021-06-03 | CVE-2021-3469 | Incorrect Authorization vulnerability in Theforeman Foreman Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. | 3.5 |
| 2021-05-12 | CVE-2021-3457 | Incorrect Authorization vulnerability in Theforeman Smart Proxy Shell Hooks An improper authorization handling flaw was found in Foreman. | 3.6 |
| 2019-12-13 | CVE-2014-0241 | Insufficiently Protected Credentials vulnerability in multiple products rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | 2.1 |
| 2019-12-05 | CVE-2013-0283 | Cross-site Scripting vulnerability in Theforeman Katello Katello: Username in Notification page has cross site scripting | 3.5 |
| 2019-11-25 | CVE-2019-14825 | Cleartext Storage of Sensitive Information vulnerability in Theforeman Katello A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. | 2.7 |
| 2019-01-13 | CVE-2018-16887 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) flaw was found in the katello component of Satellite. | 3.5 |
| 2018-12-07 | CVE-2018-16861 | Cross-site Scripting vulnerability in Theforeman Foreman A cross-site scripting (XSS) flaw was found in the foreman component of satellite. | 3.5 |
| 2018-10-12 | CVE-2018-14664 | Cross-site Scripting vulnerability in Theforeman Foreman 1.18.0 A flaw was found in foreman from versions 1.18. | 3.5 |