Every CVE whose affected-product data names Theforeman Foreman, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (73)
CVE-2018-14643 — CVSS 9.8 (critical): An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to…
CVE-2023-0118 — CVSS 9.1 (critical): An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute…
CVE-2021-3590 — CVSS 8.8 (high): A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the…
CVE-2016-3728 — CVSS 8.8 (high): Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows…
CVE-2018-1097 — CVSS 8.8 (high): A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to…
CVE-2016-4475 — CVSS 8.8 (high): The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users…
CVE-2017-7505 — CVSS 8.8 (high): Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are…
CVE-2015-5152 — CVSS 8.1 (high): Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows…
CVE-2015-5246 — CVSS 8.1 (high): The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors…
CVE-2023-0462 — CVSS 8.0 (high): An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying…
CVE-2022-3874 — CVSS 8.0 (high): A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to…
CVE-2021-20260 — CVSS 7.8 (high): A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with…
CVE-2026-12112 — CVSS 7.8 (high): A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack…
CVE-2018-16861 — CVSS 7.6 (high): A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the…
CVE-2014-0007 — CVSS 7.5 (high): The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell…
CVE-2013-0210 — CVSS 7.5 (high): The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to…
CVE-2012-5648 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified…
CVE-2013-4182 — CVSS 7.5 (high): app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote…
CVE-2013-4386 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute…
CVE-2013-0171 — CVSS 7.5 (high): Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API.
CVE-2014-3691 — CVSS 7.5 (high): Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which…
CVE-2014-8183 — CVSS 7.4 (high): It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An…
CVE-2021-3584 — CVSS 7.2 (high): A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration…
CVE-2014-0090 — CVSS 6.8 (medium): Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.
CVE-2023-4886 — CVSS 6.7 (medium): A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to…
CVE-2013-0187 — CVSS 6.5 (medium): Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.
CVE-2018-1096 — CVSS 6.5 (medium): An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to…
CVE-2024-7700 — CVSS 6.5 (medium): A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the…
CVE-2017-2672 — CVSS 6.5 (medium): A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log…
CVE-2014-4507 — CVSS 6.4 (medium): Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite…
CVE-2016-8613 — CVSS 6.4 (medium): A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is…
CVE-2026-9073 — CVSS 6.2 (medium): A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and…
CVE-2017-7535 — CVSS 6.1 (medium): foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user…
CVE-2016-6319 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly…
CVE-2016-8634 — CVSS 6.1 (medium): A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the…
CVE-2016-8639 — CVSS 6.1 (medium): It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker…
CVE-2017-15100 — CVSS 6.1 (medium): An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking…
CVE-2013-2113 — CVSS 6.0 (medium): The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to…
CVE-2015-3235 — CVSS 6.0 (medium): Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their…
CVE-2013-2121 — CVSS 6.0 (medium): Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users…
CVE-2021-3494 — CVSS 5.9 (medium): A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle…
CVE-2014-3531 — CVSS 5.4 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script…
CVE-2021-3469 — CVSS 5.4 (medium): Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can…
CVE-2016-6320 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote…
CVE-2018-14664 — CVSS 5.4 (medium): A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code…
CVE-2016-2100 — CVSS 5.4 (medium): Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by…
CVE-2014-0208 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated…
CVE-2016-4995 — CVSS 5.3 (medium): Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote…
CVE-2016-5390 — CVSS 5.3 (medium): Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to…
CVE-2016-4451 — CVSS 5.0 (medium): The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with…
CVE-2013-0173 — CVSS 5.0 (medium): Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute…
CVE-2013-0174 — CVSS 5.0 (medium): The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request.
CVE-2013-4180 — CVSS 5.0 (medium): The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service…
CVE-2014-0192 — CVSS 5.0 (medium): Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain…
CVE-2015-1816 — CVSS 5.0 (medium): Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers…
CVE-2015-3155 — CVSS 5.0 (medium): Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote…
CVE-2025-9572 — CVSS 5.0 (medium): n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the…
CVE-2019-3893 — CVSS 4.9 (medium): In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the…
CVE-2016-9593 — CVSS 4.7 (medium): foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file…
CVE-2020-10710 — CVSS 4.4 (medium): A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This…
CVE-2026-13316 — CVSS 4.4 (medium): A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform…
CVE-2016-7077 — CVSS 4.3 (medium): foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated…
CVE-2015-7518 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject…
CVE-2014-0089 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users…
CVE-2014-3491 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web…
CVE-2016-7078 — CVSS 4.3 (medium): foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned…
CVE-2014-3653 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject…
CVE-2014-3492 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 allow remote…
CVE-2015-5233 — CVSS 4.2 (medium): Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with…
CVE-2015-1844 — CVSS 4.0 (medium): Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API.
CVE-2012-5477 — CVSS 3.6 (low): The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified…