A vulnerability has been found in Foreman up to 1.7.4 (Service Management Software) and classified as critical. Affected by this vulnerability is some unknown processing of the component REST API. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API.

The weakness was released 08/14/2015 (Website). It is possible to read the advisory at github.com. This vulnerability is known as CVE-2015-1844 since 02/17/2015. The attack can be launched remotely. Required for exploitation is a single authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.

The vulnerability scanner Nessus provides a plugin with the ID 85715 (RHEL 7 : Satellite Server (RHSA-2015:1591)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Red Hat Local Security Checks.

Upgrading to version 1.7.5 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (85715). Entries connected to this vulnerability are available at 76304, 77249, 77253 and 77254.

Productinfo

Type

• Service Management Software

Name

• Foreman

Version

• 1.7.0
• 1.7.1
• 1.7.2
• 1.7.3
• 1.7.4

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion