Vulnerabilities
Vulnerable Software
Theforeman:  >> Foreman  >> 0.1  Security Vulnerabilities
Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.
CVSS Score
6.8
EPSS Score
0.014
Published
2014-05-08
The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.
CVSS Score
3.6
EPSS Score
0.003
Published
2014-05-08
Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API.
CVSS Score
7.5
EPSS Score
0.03
Published
2014-05-08
Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack.
CVSS Score
5.0
EPSS Score
0.011
Published
2014-05-08
The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request.
CVSS Score
5.0
EPSS Score
0.017
Published
2014-05-08
Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.
CVSS Score
6.5
EPSS Score
0.011
Published
2014-05-08
The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands.
CVSS Score
7.5
EPSS Score
0.019
Published
2014-05-08
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.
CVSS Score
7.5
EPSS Score
0.021
Published
2014-04-04
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.
CVSS Score
7.5
EPSS Score
0.012
Published
2013-11-20
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
CVSS Score
5.0
EPSS Score
0.024
Published
2013-09-16


Contact Us

Shodan ® - All rights reserved