Browse all 7 CVE security advisories affecting Foreman. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Foreman is an open-source lifecycle management tool for servers and applications, primarily used for automated provisioning and configuration management. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with seven CVEs documented. Security characteristics include its Ruby-on-Rails architecture and extensive plugin ecosystem, which can introduce additional attack surfaces. While no major public incidents have been widely reported, the consistent discovery of vulnerabilities in areas like API endpoints and user authentication highlights the need for regular patching and access control measures in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2014-0091 | Foreman 输入验证错误漏洞 — Foreman | 5.3 | - | 2019-12-11 |
| CVE-2016-7077 | Foreman 信息泄露漏洞 — foremanCWE-285 | 4.3 | - | 2018-09-10 |
| CVE-2016-7078 | Foreman 信息泄露漏洞 — foremanCWE-285 | 4.3 | - | 2018-09-10 |
| CVE-2016-9595 | katello-debug 安全漏洞 — katello-debugCWE-377 | 5.5 | - | 2018-07-27 |
| CVE-2017-7535 | Foreman 跨站脚本漏洞 — foremanCWE-79 | 5.4 | - | 2018-07-26 |
| CVE-2017-2667 | Foreman 数据伪造问题漏洞 — Hammer CLICWE-345 | 8.1 | - | 2018-03-12 |
| CVE-2017-7505 | Foreman 安全漏洞 — foremanCWE-863 | 8.1 | - | 2017-05-26 |
This page lists every published CVE security advisory associated with Foreman. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.