Lukas Zapletal

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 2.4.1 Foreman versions prior to 2.5.1 Foreman versions prior to 3.0.0 Description: A server-side remote code execution issue was found in the Foreman project. An authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this issue is to confidentiality, integrity, and availability of the system. Recommendations: For versions prior to 2.4.1, update to version 2.4.1 or later. For versions prior to 2.5.1, update to version 2.5.1 or later. For versions prior to 3.0.0, update to version 3.0.0 or later. As a temporary workaround, consider restricting access to Sendmail configuration options to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Foreman versions prior to 1.4.5 Foreman versions 1.5.x prior to 1.5.1 **Description** A directory traversal issue exists, allowing remote attackers to overwrite arbitrary files by utilizing a .. (dot dot) in the `dst` parameter to the "tftp/fetch boot file" endpoint. **Recommendations** For Foreman versions prior to 1.4.5, update to version 1.4.5 or later. For Foreman versions 1.5.x prior to 1.5.1, update to version 1.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** Red Hat CloudForms version 1.0 **Description** The issue is related to the proxies controller.rb in Katello, where it does not properly check permissions. This allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the `consumer UUID` of a system. **Recommendations** For Red Hat CloudForms version 1.0, update to version 1.1 or later to resolve the issue.