CVE-2017-7505
Published 2017-05-26
Priority P3 · 47 · high · CVSS 3.0 base score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 1.59% (72.6th percentile)
Foreman since version 1.5 is vulnerable to an incorrect authorization check, due to which users with user management permission who are assigned to some organization(s) can perform all operations granted by these permissions on all administrator user objects outside of their scope, such as editing global admin accounts, including changing their passwords.
Affected
48 affected version ranges (25 shown on the page); no version bounds or fixed-in versions are recorded for any of them. The listed rows reduce to two distinct vendor/product pairs:

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foreman | foreman | — | — |
| theforeman | foreman | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 8.8 | HIGH | — |
GHSA
GHSA-r979-3cmv-8p2v · ghsa_unreviewed · 2022-05-13
CVE-2017-7505 [HIGH] CWE-269 (same description as above)
Red Hat
foreman: Users with user management permission assigned to organization can manage user objects outside of the organization
vendor_redhat · 2017-05-22 · CVSS 8.8
CVE-2017-7505 [HIGH] CWE-863 (same description as above)
Package: foreman (Red Hat Ceph Storage 1.3) - Will not fix
Package: foreman (Red Hat Satellite 6) - Under investigation
No detection rules found.
No public exploits indexed.