theforeman Foreman 1.11.0 Release Candidate 2

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:theforeman:foreman:1.11.0:rc2:*:*:*:*:*:*

part: a version: 1.11.0 update: rc2

VendorTheforeman (760bf134-312a-50ab-8452-1d7485d10f9b)
ProductForeman (a88a3ac5-9a3c-5a4c-91ec-c5eca465eab6)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:deb/debian/ruby-foreman purl2cpe 2026-06-01 10:15:04.573325
pkg:deb/ubuntu/ruby-foreman purl2cpe 2026-06-01 10:15:04.573327
pkg:gem/foreman purl2cpe 2026-06-01 10:15:04.573328
pkg:github/theforeman/foreman purl2cpe 2026-06-01 10:15:04.573330
pkg:rpm/opensuse/rubygem-foreman purl2cpe 2026-06-01 10:15:04.573331

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2017-7505 vulnerable 2026-06-08 05:09:56.262906 Details available
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.
Published: 2017-05-26T16:00:00.000Z
Updated: 2024-08-05T16:04:11.828Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3728 vulnerable 2026-06-08 05:07:45.917734 Details available
Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.
Published: 2016-05-20T14:00:00.000Z
Updated: 2024-08-06T00:03:34.638Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.