Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:foreman:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Foreman (4a41e831-c6b9-5169-b1ac-bb70a50021a0) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-0462 |
vulnerable | 2026-06-08 05:52:05.128358 |
Arbitrary code execution through yaml global parameters
HIGH (8)
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.
Published: 2023-09-20T13:40:43.213Z
Updated: 2024-09-24T15:05:20.612Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3874 |
vulnerable | 2026-06-08 05:48:22.515684 |
Os command injection via ct_command and fcct_command
HIGH (8)
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.
Published: 2023-09-22T13:56:54.314Z
Updated: 2024-09-24T15:01:27.145Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-3590 |
vulnerable | 2026-06-08 05:33:52.890826 |
Details available
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Published: 2022-08-22T14:48:17.000Z
Updated: 2024-08-03T17:01:06.607Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-3584 |
vulnerable | 2026-06-08 05:33:52.879304 |
Details available
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.
Published: 2021-12-23T19:48:46.000Z
Updated: 2024-08-03T17:01:07.414Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-3494 |
vulnerable | 2026-06-08 05:33:52.478890 |
Details available
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0.
Published: 2021-04-26T14:13:18.000Z
Updated: 2024-08-03T16:53:17.616Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-3469 |
vulnerable | 2026-06-08 05:33:52.387643 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20260 |
vulnerable | 2026-06-08 05:29:08.835647 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20259 |
vulnerable | 2026-06-08 05:29:08.834256 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.