Dominic Cleal

**Name of the Vulnerable Software and Affected Versions** Foreman versions 1.1 through 1.9.0-RC1 **Description** The issue allows remote attackers to obtain user credentials via a man-in-the-middle attack because HTTP requests are not redirected to HTTPS when the require ssl setting is set to true. **Recommendations** For versions 1.1 through 1.9.0-RC1, ensure the require ssl setting is properly configured and consider implementing additional security measures to enforce HTTPS connections, such as configuring the server to redirect all HTTP requests to HTTPS.

**Name of the Vulnerable Software and Affected Versions** Foreman versions prior to 1.9.0 **Description** The issue allows remote authenticated users with the `edit users` permission to edit administrator users and change their passwords. An attacker with the `edit users` permission could use this flaw to access an admin user account, leading to an escalation of privileges. **Recommendations** For Foreman versions prior to 1.9.0, update to version 1.9.0 or later to resolve the issue. As a temporary workaround, consider restricting the `edit users` permission to prevent unauthorized users from editing administrator accounts.

**Name of the Vulnerable Software and Affected Versions** Foreman versions prior to 1.4.5 Foreman versions 1.5.x prior to 1.5.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page. This is related to create, update, and destroy notification boxes. **Recommendations** For Foreman versions prior to 1.4.5, update to version 1.4.5 or later. For Foreman versions 1.5.x prior to 1.5.1, update to version 1.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** Foreman versions prior to 1.4.5 Foreman versions 1.5.x prior to 1.5.1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via a parameter related to the host, specifically the `name` or `value`. This can be exploited to conduct cross-site scripting (XSS) attacks. **Recommendations** For Foreman versions prior to 1.4.5, update to version 1.4.5 or later. For Foreman versions 1.5.x prior to 1.5.1, update to version 1.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** Katello Installer versions prior to 0.0.18 **Description** The issue allows local users to obtain the private key by reading the file due to world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node. **Recommendations** For versions prior to 0.0.18, update to version 0.0.18 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the /etc/pki/tls/private/katello-node.key file to restrict access until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Foreman versions prior to 1.1 **Description** The issue concerns the smart proxy in Foreman, where a umask set to 0 allows local users to modify files created by the daemon. **Recommendations** For versions prior to 1.1, update to version 1.1 or later to resolve the issue.