cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7923,https://securityvulnerability.io/vulnerability/CVE-2024-7923,Pulpcore Authentication Bypass Vulnerability Affects Satellite Deployments,"An authentication bypass vulnerability has been identified in Pulpcore, particularly affecting deployments running with Gunicorn versions prior to 22.0. This vulnerability is caused by the puppet-pulpcore configuration and Apache's mod_proxy failing to properly unset headers, which restricts underscores in HTTP headers. As a result, unauthorized users can exploit this flaw to gain administrative access to systems. The issue impacts all active Satellite deployments (versions 6.13, 6.14, and 6.15) that utilize Pulpcore version 3.0 and above. Organizations using these systems are strongly advised to review their configurations and implement necessary security measures.",Red Hat,"Red Hat Satellite 6.13 For Rhel 8,Red Hat Satellite 6.14 For Rhel 8,Red Hat Satellite 6.15 For Rhel 8",9.8,CRITICAL,0.0012400000123307109,false,,false,false,false,,,false,false,,2024-09-04T14:15:00.000Z,0
CVE-2023-4886,https://securityvulnerability.io/vulnerability/CVE-2023-4886,Foreman: world readable file containing secrets,"A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.",Red Hat,"Red Hat Satellite 6.13 For Rhel 8,Red Hat Satellite 6.14 For Rhel 8",6.7,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-10-03T15:15:00.000Z,0
CVE-2023-0118,https://securityvulnerability.io/vulnerability/CVE-2023-0118,Arbitrary code execution through templates,"An arbitrary code execution vulnerability has been identified in Foreman, allowing an admin user to bypass safe mode in templates. This potentially malicious action enables the execution of arbitrary code on the underlying operating system, creating severe risks for system integrity and security. It is crucial for administrators to address this issue promptly to safeguard their environments.",Red Hat,"foreman,Red Hat Satellite 6.13 for RHEL 8",9.1,CRITICAL,0.0016799999866634607,false,,false,false,false,,,false,false,,2023-09-20T14:15:00.000Z,0
CVE-2023-0119,https://securityvulnerability.io/vulnerability/CVE-2023-0119,Stored cross-site scripting in host tab,"A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials.",Red Hat,"foreman,Red Hat Satellite 6.13 for RHEL 8",5.4,MEDIUM,0.0011699999449774623,false,,false,false,false,,,false,false,,2023-09-12T16:15:00.000Z,0