
Andreas Rogge

#15415 of 53,633
17.5 CVSS total
Vulnerabilities · 3
Medium: 2
High: 1
PT-2014-2426
7.5
2014-05-08
Foreman · Foreman · CVE-2013-0171
**Name of the Vulnerable Software and Affected Versions** Foreman versions prior to 1.1
**Description** The issue allows remote attackers to execute arbitrary code by sending a crafted YAML object to specific API endpoints, including the fact or report import API.
**Recommendations** For versions prior to 1.1, update to version 1.1 or later to resolve the issue.
PT-2014-2427
5.0
2014-05-08
Foreman · Foreman · CVE-2013-0173
**Name of the Vulnerable Software and Affected Versions** Foreman versions prior to 1.1
**Description** The issue makes it easier for attackers to guess the root password via a brute force attack because a static salt of "foreman" is used to hash root passwords.
**Recommendations** For versions prior to 1.1, update to version 1.1 or later to resolve the issue.
PT-2014-2428
5.0
2014-05-08
Foreman · Foreman · CVE-2013-0174
**Name of the Vulnerable Software and Affected Versions** Foreman versions prior to 1.1
**Description** The issue allows remote attackers to obtain the hashed root password via an API request to the external node classifier (ENC) API.
**Recommendations** For versions prior to 1.1, update to version 1.1 or later to resolve the issue.