CVE-2015-3235

EUVD-2015-3291
Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
theforemanforeman
𝑥
≤ 1.8.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://projects.theforeman.org/issues/10829
http://theforeman.org/manuals/1.9/index.html#Releasenotesfor1.9
https://access.redhat.com/errata/RHSA-2015:1591
https://access.redhat.com/errata/RHSA-2015:1592
https://bugzilla.redhat.com/show_bug.cgi?id=1232366
http://projects.theforeman.org/issues/10829
http://theforeman.org/manuals/1.9/index.html#Releasenotesfor1.9
https://access.redhat.com/errata/RHSA-2015:1591
https://access.redhat.com/errata/RHSA-2015:1592
https://bugzilla.redhat.com/show_bug.cgi?id=1232366