CVE-2017-7505
26.05.2017, 16:29
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.Enginsight
| Vendor | Product | Version |
|---|---|---|
| theforeman | foreman | 1.5.0 |
| theforeman | foreman | 1.5.0:rc1 |
| theforeman | foreman | 1.5.0:rc2 |
| theforeman | foreman | 1.5.1 |
| theforeman | foreman | 1.5.2 |
| theforeman | foreman | 1.5.3 |
| theforeman | foreman | 1.6.0 |
| theforeman | foreman | 1.6.0:rc1 |
| theforeman | foreman | 1.6.0:rc2 |
| theforeman | foreman | 1.6.1 |
| theforeman | foreman | 1.6.3 |
| theforeman | foreman | 1.7.0 |
| theforeman | foreman | 1.7.0:rc1 |
| theforeman | foreman | 1.7.0:rc2 |
| theforeman | foreman | 1.7.1 |
| theforeman | foreman | 1.7.2 |
| theforeman | foreman | 1.7.3 |
| theforeman | foreman | 1.7.4 |
| theforeman | foreman | 1.7.5 |
| theforeman | foreman | 1.8.0 |
| theforeman | foreman | 1.8.0:rc1 |
| theforeman | foreman | 1.8.0:rc2 |
| theforeman | foreman | 1.8.0:rc3 |
| theforeman | foreman | 1.8.1 |
| theforeman | foreman | 1.8.2 |
| theforeman | foreman | 1.8.3 |
| theforeman | foreman | 1.8.4 |
| theforeman | foreman | 1.9.0 |
| theforeman | foreman | 1.9.0:rc1 |
| theforeman | foreman | 1.9.0:rc2 |
| theforeman | foreman | 1.9.0:rc3 |
| theforeman | foreman | 1.9.1 |
| theforeman | foreman | 1.9.2 |
| theforeman | foreman | 1.9.3 |
| theforeman | foreman | 1.10.0 |
| theforeman | foreman | 1.10.0:rc1 |
| theforeman | foreman | 1.10.0:rc2 |
| theforeman | foreman | 1.10.0:rc3 |
| theforeman | foreman | 1.10.1 |
| theforeman | foreman | 1.10.2 |
| theforeman | foreman | 1.10.3 |
| theforeman | foreman | 1.10.4 |
| theforeman | foreman | 1.11.0 |
| theforeman | foreman | 1.11.0:rc1 |
| theforeman | foreman | 1.11.0:rc2 |
| theforeman | foreman | 1.11.0:rc3 |
| theforeman | foreman | 1.11.1 |
| theforeman | foreman | 1.11.2 |
| theforeman | foreman | 1.11.3 |
| theforeman | foreman | 1.11.4 |
| theforeman | foreman | 1.12.0 |
| theforeman | foreman | 1.12.0:rc1 |
| theforeman | foreman | 1.12.0:rc2 |
| theforeman | foreman | 1.12.0:rc3 |
| theforeman | foreman | 1.12.1 |
| theforeman | foreman | 1.12.2 |
| theforeman | foreman | 1.12.3 |
| theforeman | foreman | 1.12.4 |
| theforeman | foreman | 1.13.0 |
| theforeman | foreman | 1.13.0:rc1 |
| theforeman | foreman | 1.13.0:rc2 |
| theforeman | foreman | 1.13.1 |
| theforeman | foreman | 1.13.2 |
| theforeman | foreman | 1.13.3 |
| theforeman | foreman | 1.13.4 |
| theforeman | foreman | 1.14.0 |
| theforeman | foreman | 1.14.0:rc1 |
| theforeman | foreman | 1.14.0:rc2 |
| theforeman | foreman | 1.14.0:rc3 |
| theforeman | foreman | 1.14.1 |
| theforeman | foreman | 1.14.2 |
| theforeman | foreman | 1.14.3 |
| theforeman | foreman | 1.15.0 |
| theforeman | foreman | 1.15.0:rc1 |
| theforeman | foreman | 1.15.0:rc2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.