Skip to content

Add CVE-2026-5135, CVE-2026-5136, CVE-2026-5138, CVE-2026-5142 to security page#2301

Merged
ogajduse merged 1 commit into
theforeman:gh-pagesfrom
ogajduse:security-cves-2026-07-01
Jul 2, 2026
Merged

Add CVE-2026-5135, CVE-2026-5136, CVE-2026-5138, CVE-2026-5142 to security page#2301
ogajduse merged 1 commit into
theforeman:gh-pagesfrom
ogajduse:security-cves-2026-07-01

Conversation

@ogajduse

@ogajduse ogajduse commented Jul 1, 2026

Copy link
Copy Markdown
Member

Summary

Add four new CVE entries to the security page for vulnerabilities fixed in Foreman 3.18.2 and 3.19.1:

  • CVE-2026-5136: Privilege escalation via usergroup role assignment (CVSS 8.8)
  • CVE-2026-5142: Cross-tenant private SSH key disclosure (CVSS 6.5)
  • CVE-2026-5135: Unauthorized modification of host configurations (CVSS 6.5)
  • CVE-2026-5138: Information disclosure via nested request parameters (CVSS 4.3)

Each entry includes advisory link, detail section, Redmine issue, and GitHub PR reference.

…urity page

Add four new CVE entries for security vulnerabilities fixed in
Foreman 3.18.2 and 3.19.1:

- CVE-2026-5136: Privilege escalation via usergroup role assignment
- CVE-2026-5142: Cross-tenant private SSH key disclosure
- CVE-2026-5135: Unauthorized modification of host configurations
- CVE-2026-5138: Information disclosure via nested request parameters
@ogajduse ogajduse marked this pull request as ready for review July 2, 2026 11:26
@ogajduse ogajduse merged commit 0e5982f into theforeman:gh-pages Jul 2, 2026
2 checks passed
@ogajduse ogajduse deleted the security-cves-2026-07-01 branch July 2, 2026 13:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants