GCVE - cpe:2.3:a:theforeman:foreman:1.12.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:theforeman:foreman:1.12.0:*:*:*:*:*:*:*

part: a version: 1.12.0 update: *

Vendor	Theforeman (`760bf134-312a-50ab-8452-1d7485d10f9b`)
Product	Foreman (`a88a3ac5-9a3c-5a4c-91ec-c5eca465eab6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/ruby-foreman`	purl2cpe	2026-06-01 10:15:04.573368
`pkg:deb/ubuntu/ruby-foreman`	purl2cpe	2026-06-01 10:15:04.573369
`pkg:gem/foreman`	purl2cpe	2026-06-01 10:15:04.573371
`pkg:github/theforeman/foreman`	purl2cpe	2026-06-01 10:15:04.573372
`pkg:rpm/opensuse/rubygem-foreman`	purl2cpe	2026-06-01 10:15:04.573373

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-7505`	vulnerable	2026-06-08 05:09:56.266149	Details available Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords. Published: 2017-05-26T16:00:00.000Z Updated: 2024-08-05T16:04:11.828Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/98607 http://projects.theforeman.org/issues/19612 https://github.com/theforeman/foreman/pull/4545	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4475`	vulnerable	2026-06-08 05:07:54.640853	Details available The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors. Published: 2016-08-19T21:00:00.000Z Updated: 2024-08-06T00:32:25.430Z Open on db.gcve.eu Reference links https://theforeman.org/security.html#2016-4475 http://projects.theforeman.org/issues/15268 https://access.redhat.com/errata/RHBA-2016:1615 http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9 http://www.securityfocus.com/bid/92125	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4451`	vulnerable	2026-06-08 05:07:47.458564	Details available The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization. Published: 2016-08-19T21:00:00.000Z Updated: 2024-08-06T00:32:25.359Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHSA-2018:0336 https://theforeman.org/security.html#2016-4451 http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c http://projects.theforeman.org/issues/15182	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-5282`	vulnerable	2026-06-08 05:06:49.434575	Details available Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. Published: 2017-09-25T17:00:00.000Z Updated: 2024-08-06T06:41:09.516Z Open on db.gcve.eu Reference links https://github.com/theforeman/foreman/commit/4f3555b217be8723e8045f9816d147b5f684ec57 https://bugzilla.redhat.com/show_bug.cgi?id=1264221 http://www.openwall.com/lists/oss-security/2015/09/21/3 https://theforeman.org/security.html#2015-5282 http://projects.theforeman.org/issues/11859	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.