GCVE - cpe:2.3:a:theforeman:foreman:1.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:theforeman:foreman:1.1:*:*:*:*:*:*:*

part: a version: 1.1 update: *

Vendor	Theforeman (`760bf134-312a-50ab-8452-1d7485d10f9b`)
Product	Foreman (`a88a3ac5-9a3c-5a4c-91ec-c5eca465eab6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/ruby-foreman`	purl2cpe	2026-06-01 10:15:04.526724
`pkg:deb/ubuntu/ruby-foreman`	purl2cpe	2026-06-01 10:15:04.526726
`pkg:gem/foreman`	purl2cpe	2026-06-01 10:15:04.526727
`pkg:github/theforeman/foreman`	purl2cpe	2026-06-01 10:15:04.526728
`pkg:rpm/opensuse/rubygem-foreman`	purl2cpe	2026-06-01 10:15:04.526730

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-0090`	vulnerable	2026-06-08 05:05:11.385556	Details available Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie. Published: 2014-05-08T14:00:00.000Z Updated: 2024-08-06T09:05:38.660Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=1072151 http://projects.theforeman.org/issues/4457 http://theforeman.org/security.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2121`	vulnerable	2026-06-08 05:03:58.454001	Details available Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute. Published: 2013-07-31T10:00:00.000Z Updated: 2024-08-06T15:27:40.678Z Open on db.gcve.eu Reference links http://projects.theforeman.org/issues/2631 http://rhn.redhat.com/errata/RHSA-2013-0995.html https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU http://www.exploit-db.com/exploits/27045 https://bugzilla.redhat.com/show_bug.cgi?id=966804	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2113`	vulnerable	2026-06-08 05:03:58.387063	Details available The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role. Published: 2013-07-31T10:00:00.000Z Updated: 2024-08-06T15:27:40.949Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2013-0995.html https://bugzilla.redhat.com/show_bug.cgi?id=968166 http://projects.theforeman.org/issues/2630 https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.