Back to search
CVE-2017-7505
Published: May 26, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.
| Vendor | Product | Versions |
|---|---|---|
Foreman | foreman | affected 1.5 and higher |
Weaknesses (CWE)
References
98607
vdb-entry
x_refsource_BID
http://projects.theforeman.org/issues/19612
x_refsource_CONFIRM
https://github.com/theforeman/foreman/pull/4545
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now