CVE-2015-1844
MEDIUM severity · CVSS 4 · CWE-264
4CVSS MEDIUM
Summary
Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impactNone
Availability impactNone
Exploit probability (EPSS)2%
AV:N/AC:L/Au:S/C:P/I:N/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: https://github.com/theforeman/foreman/pull/2273 ↗
Additional information
- NVD record
- https://github.com/theforeman/foreman/pull/2273Patch
- http://projects.theforeman.org/issues/9947Advisory
- https://access.redhat.com/errata/RHSA-2015:1591
- https://access.redhat.com/errata/RHSA-2015:1592
- https://groups.google.com/forum/#%21topic/foreman-announce/37KYWhIk4FY
- https://groups.google.com/forum/#%21topic/foreman-users/qAGZh5n6n6M