GCVE - cpe:2.3:a:theforeman:foreman:1.6.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:theforeman:foreman:1.6.0:*:*:*:*:*:*:*

part: a version: 1.6.0 update: *

Vendor	Theforeman (`760bf134-312a-50ab-8452-1d7485d10f9b`)
Product	Foreman (`a88a3ac5-9a3c-5a4c-91ec-c5eca465eab6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/ruby-foreman`	purl2cpe	2026-06-01 10:15:04.574318
`pkg:deb/ubuntu/ruby-foreman`	purl2cpe	2026-06-01 10:15:04.574320
`pkg:gem/foreman`	purl2cpe	2026-06-01 10:15:04.574321
`pkg:github/theforeman/foreman`	purl2cpe	2026-06-01 10:15:04.574322
`pkg:rpm/opensuse/rubygem-foreman`	purl2cpe	2026-06-01 10:15:04.574324

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-7505`	vulnerable	2026-06-08 05:09:56.241667	Details available Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords. Published: 2017-05-26T16:00:00.000Z Updated: 2024-08-05T16:04:11.828Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/98607 http://projects.theforeman.org/issues/19612 https://github.com/theforeman/foreman/pull/4545	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-5152`	vulnerable	2026-06-08 05:06:48.922703	Details available Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack. Published: 2017-07-14T20:00:00.000Z Updated: 2024-08-06T06:32:32.742Z Open on db.gcve.eu Reference links http://projects.theforeman.org/issues/11119 https://bugzilla.redhat.com/show_bug.cgi?id=1243571	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3691`	vulnerable	2026-06-08 05:05:42.459226	Details available Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate. Published: 2015-03-09T14:00:00.000Z Updated: 2024-08-06T10:50:17.984Z Open on db.gcve.eu Reference links https://github.com/theforeman/smart-proxy/pull/217 http://projects.theforeman.org/issues/7822 http://rhn.redhat.com/errata/RHSA-2015-0287.html http://rhn.redhat.com/errata/RHSA-2015-0288.html https://groups.google.com/forum/#%21topic/foreman-announce/jXC5ixybjqo	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.