Описание
Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.
It was discovered that in Foreman the edit_users permissions (for example, granted to the Manager role) allowed the user to edit admin user passwords. An attacker with the edit_users permissions could use this flaw to access an admin user account, leading to an escalation of privileges.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenStack Foreman | foreman | Will not fix | ||
| Red Hat Satellite 6.1 | aopalliance | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | apache-commons-codec-eap6 | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | apache-mime4j | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | atinject | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | bouncycastle | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | c3p0 | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | candlepin | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | candlepin-common | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | candlepin-scl | Fixed | RHSA-2015:1592 | 12.08.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.3 Medium
CVSS2
Связанные уязвимости
Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.
Foreman before 1.9.0 allows remote authenticated users with the edit_u ...
Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.
EPSS
6.3 Medium
CVSS2