Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:foreman:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorN/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
ProductForeman (4a41e831-c6b9-5169-b1ac-bb70a50021a0)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-0462 vulnerable 2026-06-08 05:52:05.128358 Arbitrary code execution through yaml global parameters
HIGH (8)
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.
Published: 2023-09-20T13:40:43.213Z
Updated: 2024-09-24T15:05:20.612Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-3874 vulnerable 2026-06-08 05:48:22.515684 Os command injection via ct_command and fcct_command
HIGH (8)
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.
Published: 2023-09-22T13:56:54.314Z
Updated: 2024-09-24T15:01:27.145Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-3590 vulnerable 2026-06-08 05:33:52.890826 Details available
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Published: 2022-08-22T14:48:17.000Z
Updated: 2024-08-03T17:01:06.607Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-3584 vulnerable 2026-06-08 05:33:52.879304 Details available
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.
Published: 2021-12-23T19:48:46.000Z
Updated: 2024-08-03T17:01:07.414Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-3494 vulnerable 2026-06-08 05:33:52.478890 Details available
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0.
Published: 2021-04-26T14:13:18.000Z
Updated: 2024-08-03T16:53:17.616Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-3469 vulnerable 2026-06-08 05:33:52.387643 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-20260 vulnerable 2026-06-08 05:29:08.835647 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-20259 vulnerable 2026-06-08 05:29:08.834256 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.