Theforeman Foreman : Security vulnerabilities, CVEs Information leak published in 2018

Copy

CVE-2018-1097

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.

Max CVSS

8.8

EPSS Score

0.21%

Published

2018-04-04

Updated

2023-02-13

CVE-2016-7078

foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion.

Max CVSS

4.3

EPSS Score

0.37%

Published

2018-09-10

Updated

2019-10-09

CVE-2016-7077

foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.

Max CVSS

4.3

EPSS Score

0.31%

Published

2018-09-10

Updated

2019-10-09

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!