Description
Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API.
A flaw was found in the way Foreman authorized user actions on resources via the API when an organization was not explicitly set. A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenStack Foreman | foreman | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | foreman | Will not fix | ||
| Red Hat OpenStack Platform 4 | foreman | Will not fix | ||
| Red Hat Satellite 6.1 | aopalliance | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | apache-commons-codec-eap6 | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | apache-mime4j | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | atinject | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | bouncycastle | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | c3p0 | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | candlepin | Fixed | RHSA-2015:1592 | 12.08.2015 |
Additional information
Status:
EPSS
CVSS2: 4 Medium