Browse all 8 CVE security advisories affecting The Foreman Project. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The Foreman Project is an open-source lifecycle management tool for servers and applications, automating provisioning, configuration, and monitoring across physical and virtual infrastructure. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with eight CVEs documented. Notable security characteristics include its extensive plugin ecosystem, which introduces additional attack surfaces, and its reliance on REST APIs that have been exploited for unauthorized access. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities in web interfaces and authentication mechanisms highlights ongoing security challenges for administrators implementing this infrastructure management solution.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-10198 | foreman-tasks authorization issue vulnerability — foreman-tasks, CWE-592 | 6.5 | - | 2019-07-31 |
| CVE-2019-3893 | Foreman information disclosure vulnerability — foreman, CWE-732 | 6.5 | - | 2019-04-09 |
| CVE-2018-14623 | Katello SQL injection vulnerability — katello, CWE-89 | 4.3 | - | 2018-12-13 |
| CVE-2018-16861 | Foreman cross-site scripting vulnerability — foreman, CWE-79 | 4.8 | - | 2018-12-07 |
| CVE-2017-2662 | Foreman security vulnerability — foreman katello plugin, CWE-862 | 4.3 | - | 2018-08-22 |
| CVE-2016-8639 | Foreman cross-site scripting vulnerability — foreman, CWE-79 | 5.4 | - | 2018-08-01 |
| CVE-2016-8634 | Foreman cross-site scripting vulnerability — foreman, CWE-79 | 5.4 | - | 2018-08-01 |
| CVE-2016-8613 | Foreman cross-site scripting vulnerability — foreman, CWE-79 | 6.1 | - | 2018-07-31 |
This page lists every published CVE security advisory associated with The Foreman Project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.