CVE-2014-8183
Severity
7.4 HIGH
EPSS
0.2%
top 64.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 1
Latest update: May 17
Description
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Exploitability: 3.1 | Impact: 3.7
Affected Packages: 3 packages
Vulnerability Details (2)
Vendor Advisories (1)
Red Hat
foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization (2017-08-14)
Community (1)
Bugzilla
CVE-2014-8183 foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization (2017-08-12)