
exploitDog


CVE-2014-8183

Published: 14 Aug 2017
Source: redhat
CVSS3: 7.4
EPSS: Low

Description

It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.

It was found that foreman in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.

Additional information

Status: Moderate
Defect: CWE-284
https://bugzilla.redhat.com/show_bug.cgi?id=1480886 foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization

EPSS

Percentile: 36%
0.00153
Low

7.4 High

CVSS3

Related vulnerabilities

CVSS3: 7.4
nvd
more than 6 years ago

It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.

CVSS3: 7.4
github
more than 3 years ago

It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
