PT-2015-6112 · Foreman · Foreman

Dominic Cleal +1 · Published 2015-08-14 · Updated 2023-02-13 · CVE-2015-3235

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Foreman versions prior to 1.9.0

Description

The issue allows remote authenticated users with the edit users permission to edit administrator users and change their passwords. An attacker with the edit users permission could use this flaw to access an admin user account, leading to an escalation of privileges.

Recommendations

For Foreman versions prior to 1.9.0, update to version 1.9.0 or later to resolve the issue. As a temporary workaround, consider restricting the edit users permission to prevent unauthorized users from editing administrator accounts.

Fix


Weakness Enumeration

Related Identifiers

CVE-2015-3235
RHSA-2015:1591
RHSA-2015:1592

Affected Products

Foreman