Please report (suspected) security vulnerabilities to security@manageiq.org. You should receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity, but historically within a few days.
Security: ManageIQ/manageiq
- Credentials logged in plaintext for some providers (GHSA-pfh3-vj6p-89h9), published Nov 14, 2024 by Fryguy. Severity: Moderate
- Arbitrary code execution via Policy Import (GHSA-pgw4-pqv6-rfvx), published Nov 14, 2024 by Fryguy. Severity: High
- Arbitrary eval through MiqExpression (GHSA-32x4-vj4r-57rq), published Jul 21, 2021 by Fryguy. Severity: High
- Missing access control leads to escalation of admin group privileges (GHSA-46q7-rqqj-pxxj), published Jan 21, 2021 by Fryguy. Severity: High
- User Impersonation in the API for OIDC and SAML (GHSA-84f5-5g5v-g8vr), published Aug 17, 2020 by Fryguy. Severity: Critical
- Out-of-band OS Command Injection through conversion host (GHSA-6q9c-cc8x-6x5f), published Aug 17, 2020 by Fryguy. Severity: High
- CSV Injection in Orchestration Templates (GHSA-fvwm-rpxw-jgcx), published Aug 17, 2020 by Fryguy. Severity: Moderate
- Host Header Injection (GHSA-rc7q-jcrc-v4wc), published Aug 17, 2020 by Fryguy. Severity: Moderate
- Cross Site Request Forgery in API notifications (GHSA-fwcf-7r2j-3vq7), published Dec 1, 2020 by Fryguy. Severity: Moderate
- Server-Side Request Forgery (SSRF) in Ansible Tower Provider (GHSA-p229-rfp6-7w8w), published Aug 17, 2020 by Fryguy. Severity: Moderate