CVE-2015-5246: Foreman vulnerability

CWE-254 | 5 documents | 5 sources
Severity: 8.1 HIGH (NVD)
EPSS: 0.7% (top 27.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 6; latest update May 17

Description

The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages: 1 package


🔴 Vulnerability Details (2)

GHSA (2022-05-17): GHSA-4468-gjjg-mh5q: The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the
CVEList (2017-10-06): CVE-2015-5246: The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the

📋 Vendor Advisories (1)

Red Hat (2015-08-24): Foreman: previous password still allowed to log into foreman with Active Directory backend

💬 Community (1)

Bugzilla (2015-09-01): CVE-2015-5246 Foreman: previous password still allowed to log into foreman with Active Directory backend
CVE-2015-5246 — Theforeman Foreman vulnerability | cvebase