Ivan Necas

**Name of the Vulnerable Software and Affected Versions** Foreman version 1.5.1 **Description** A flaw in the remote execution plugin allows commands to be run on hosts over SSH from the Foreman web UI. When a job containing HTML tags is submitted, the console output in the web UI does not escape the output, causing any HTML or JavaScript to run in the user's browser. This results in a stored XSS issue, as the output of the job is stored. **Recommendations** For Foreman version 1.5.1, update to a version that includes a fix for this issue to prevent stored XSS attacks. As a temporary workaround, consider disabling the remote execution plugin until a patch is available. Restrict access to the web UI to minimize the risk of exploitation. Avoid submitting jobs with HTML tags in the affected Foreman version until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Foreman versions prior to 1.11.4 Foreman versions 1.12.x prior to 1.12.0-RC3 **Description** The issue allows remote authenticated users to bypass organization and location restrictions. This enables users to read, edit, or delete arbitrary organizations or locations. The exact vectors used for exploitation are not specified. **Recommendations** For Foreman versions prior to 1.11.4, update to version 1.11.4 or later. For Foreman versions 1.12.x prior to 1.12.0-RC3, update to version 1.12.0-RC3 or later.

**Name of the Vulnerable Software and Affected Versions** Safemode gem versions prior to 1.2.4 **Description** The issue allows context-dependent attackers to obtain sensitive information via the inspect method when the Safemode gem is initialized with a delegate object that is a Rails controller. **Recommendations** For versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the inspect method when the delegate object is a Rails controller until a patch is available.