Improper Authorization in Foreman by The Foreman Project
CVE-2017-7505

8.8HIGH

Key Information:

Vendor

Foreman

Status
Foreman
Vendor
CVE Published:
26 May 2017

What is CVE-2017-7505?

Foreman versions 1.5 and later exhibit a vulnerability due to improper authorization checks. Users with permission to manage user accounts can exploit this flaw to perform unauthorized actions on administrator accounts outside their organizational scope. This includes sensitive operations such as editing global admin settings and altering passwords, posing significant security risks for systems relying on the Foreman platform.

Affected Version(s)

foreman 1.5 and higher

References

http://www.securityfocus.com/bid/98607
vdb-entryx_refsource_BID
http://projects.theforeman.org/issues/19612
x_refsource_CONFIRM
https://github.com/theforeman/foreman/pull/4545
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.