CVE-2017-7505
N/A
N/A
Summary
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Foreman | foreman | 1.5 and higher | affected |
Weaknesses
- CWE-863: CWE-863
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/98607
- http://projects.theforeman.org/issues/19612
- https://github.com/theforeman/foreman/pull/4545
References
- http://www.securityfocus.com/bid/98607
- http://projects.theforeman.org/issues/19612
- https://github.com/theforeman/foreman/pull/4545
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.