Browse all 3 CVE security advisories affecting Foreman Project. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Foreman Project is an open-source lifecycle management tool for physical and virtual servers, automating provisioning and configuration. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. The project maintains a security-focused development approach, with regular patches and a dedicated security team. While no major public incidents have been widely reported, the three documented CVEs highlight potential risks in web interfaces and API endpoints, emphasizing the need for timely updates and hardening in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2018-1096 | Foreman dashboard controller SQL注入漏洞 — ForemanCWE-89 | 8.1 | - | 2018-04-05 |
| CVE-2018-1097 | Foreman 信息泄露漏洞 — foremanCWE-200 | 8.8 | - | 2018-04-04 |
| CVE-2017-15100 | Foreman 跨站脚本漏洞 — ForemanCWE-79 | 6.1 | - | 2017-11-27 |
This page lists every published CVE security advisory associated with Foreman Project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.