GCVE - cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*

part: a version: 1.11.0 update: *

Vendor	Theforeman (`760bf134-312a-50ab-8452-1d7485d10f9b`)
Product	Foreman (`a88a3ac5-9a3c-5a4c-91ec-c5eca465eab6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/ruby-foreman`	purl2cpe	2026-06-01 10:15:04.573304
`pkg:deb/ubuntu/ruby-foreman`	purl2cpe	2026-06-01 10:15:04.573305
`pkg:gem/foreman`	purl2cpe	2026-06-01 10:15:04.573307
`pkg:github/theforeman/foreman`	purl2cpe	2026-06-01 10:15:04.573308
`pkg:rpm/opensuse/rubygem-foreman`	purl2cpe	2026-06-01 10:15:04.573309

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-7505`	vulnerable	2026-06-08 05:09:56.261865	Details available Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords. Published: 2017-05-26T16:00:00.000Z Updated: 2024-08-05T16:04:11.828Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/98607 http://projects.theforeman.org/issues/19612 https://github.com/theforeman/foreman/pull/4545	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3728`	vulnerable	2026-06-08 05:07:45.916576	Details available Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/. Published: 2016-05-20T14:00:00.000Z Updated: 2024-08-06T00:03:34.638Z Open on db.gcve.eu Reference links https://github.com/theforeman/smart-proxy/commit/eef532aa668d656b9d61d9c6edf7c2505f3f43c7 http://www.openwall.com/lists/oss-security/2016/05/19/2 http://projects.theforeman.org/issues/14931 http://theforeman.org/security.html#2016-3728 https://access.redhat.com/errata/RHBA-2016:1501	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-2100`	vulnerable	2026-06-08 05:07:32.962979	Details available Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission. Published: 2016-05-20T14:00:00.000Z Updated: 2024-08-05T23:17:50.599Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHBA-2016:1500 http://www.openwall.com/lists/oss-security/2016/03/31/2 http://projects.theforeman.org/issues/13828 http://theforeman.org/security.html#2016-2100	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-5282`	vulnerable	2026-06-08 05:06:49.431780	Details available Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. Published: 2017-09-25T17:00:00.000Z Updated: 2024-08-06T06:41:09.516Z Open on db.gcve.eu Reference links https://github.com/theforeman/foreman/commit/4f3555b217be8723e8045f9816d147b5f684ec57 https://bugzilla.redhat.com/show_bug.cgi?id=1264221 http://www.openwall.com/lists/oss-security/2015/09/21/3 https://theforeman.org/security.html#2015-5282 http://projects.theforeman.org/issues/11859	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.