cbcvebase.
CVE-2017-7505
published 2017-05-26

Priority: P347, high, 8.8 (CVSS 3.0)
AV:N AC:L PR:L UI:N S:U C:H I:H A:H
EPSS: 1.59% (72.6th percentile)
Foreman since version 1.5 is vulnerable to an incorrect authorization check: users with user management permission who are assigned to some organization(s) can perform all operations granted by these permissions on all administrator user objects outside of their scope, such as editing global admin accounts, including changing their passwords.

Affected

48 ranges · showing 25
Vendor | Product | Version range | Fixed in
foreman | foreman | |
theforeman | foreman | |

CVSS provenance

nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_redhat | 8.8 | HIGH