CVE-2015-3235
Published 2015-08-14
Priority P4 · 28 · medium · 6 · CVSS 2.0
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS: 1.65% (73.5th percentile)
Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| theforeman | foreman | <= 1.8.2 | — |
CVSS provenance
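| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
| vendor_redhat | | 6.0 | MEDIUM | |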
GHSA
GHSA-5jmw-rjr2-cj2c: Foreman before 1
ghsa_unreviewed · 2022-05-17
Red Hat
foreman: edit_users permission allows changing of admin passwords
vendor_redhat · 2015-06-16 · CVSS 6.0
CVE-2015-3235 [MEDIUM] CWE-266
It was discovered that in Foreman the edit_users permission (for example, granted to the Manager role) allowed the user to edit admin user passwords. An attacker with the edit_users permission could use this flaw to access an admin user account, leading to an escalation of privileges.
Package: foreman (OpenStack Foreman) - Will not fix
No detection rules found.
No public exploits indexed.
References
http://projects.theforeman.org/issues/10829
http://theforeman.org/manuals/1.9/index.html#Releasenotesfor1.9
https://access.redhat.com/errata/RHSA-2015:1591
https://access.redhat.com/errata/RHSA-2015:1592
https://bugzilla.redhat.com/show_bug.cgi?id=1232366