Vulnerability Database

CVE-2017-7505

Foreman since version 1.5 is vulnerable to an incorrect authorization check: users with user management permissions who are assigned to one or more organizations can perform every operation granted by those permissions on all administrator user objects outside their scope, such as editing global admin accounts, including changing their passwords.

  • Published: May 26, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-7505
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

| Software | From | Fixed in |
|---|---|---|
| theforeman / foreman | 1.8.4 | 1.8.4.x |
| theforeman / foreman | 1.14.2 | 1.14.2.x |
| theforeman / foreman | 1.6.3 | 1.6.3.x |
| theforeman / foreman | 1.11.0-rc1 | 1.11.0-rc1.x |
| theforeman / foreman | 1.13.3 | 1.13.3.x |
| theforeman / foreman | 1.12.0 | 1.12.0.x |
| theforeman / foreman | 1.12.3 | 1.12.3.x |
| theforeman / foreman | 1.11.3 | 1.11.3.x |
| theforeman / foreman | 1.13.4 | 1.13.4.x |
| theforeman / foreman | 1.10.3 | 1.10.3.x |
| theforeman / foreman | 1.9.0 | 1.9.0.x |
| theforeman / foreman | 1.9.0-rc1 | 1.9.0-rc1.x |
| theforeman / foreman | 1.9.1 | 1.9.1.x |
| theforeman / foreman | 1.12.2 | 1.12.2.x |
| theforeman / foreman | 1.9.3 | 1.9.3.x |
| theforeman / foreman | 1.8.0 | 1.8.0.x |
| theforeman / foreman | 1.11.4 | 1.11.4.x |
| theforeman / foreman | 1.10.1 | 1.10.1.x |
| theforeman / foreman | 1.11.0 | 1.11.0.x |
| theforeman / foreman | 1.15.0 | 1.15.0.x |
| theforeman / foreman | 1.7.4 | 1.7.4.x |
| theforeman / foreman | 1.7.5 | 1.7.5.x |
| theforeman / foreman | 1.7.0-rc2 | 1.7.0-rc2.x |
| theforeman / foreman | 1.8.1 | 1.8.1.x |
| theforeman / foreman | 1.15.0-rc1 | 1.15.0-rc1.x |
| theforeman / foreman | 1.13.0-rc2 | 1.13.0-rc2.x |
| theforeman / foreman | 1.13.0 | 1.13.0.x |
| theforeman / foreman | 1.5.0 | 1.5.0.x |
| theforeman / foreman | 1.10.0-rc1 | 1.10.0-rc1.x |
| theforeman / foreman | 1.5.0-rc2 | 1.5.0-rc2.x |
| theforeman / foreman | 1.5.2 | 1.5.2.x |
| theforeman / foreman | 1.7.0 | 1.7.0.x |
| theforeman / foreman | 1.10.4 | 1.10.4.x |
| theforeman / foreman | 1.5.3 | 1.5.3.x |
| theforeman / foreman | 1.10.0 | 1.10.0.x |
| theforeman / foreman | 1.8.0-rc2 | 1.8.0-rc2.x |
| theforeman / foreman | 1.10.2 | 1.10.2.x |
| theforeman / foreman | 1.6.0 | 1.6.0.x |
| theforeman / foreman | 1.12.0-rc3 | 1.12.0-rc3.x |
| theforeman / foreman | 1.8.3 | 1.8.3.x |
| theforeman / foreman | 1.13.0-rc1 | 1.13.0-rc1.x |
| theforeman / foreman | 1.15.0-rc2 | 1.15.0-rc2.x |
| theforeman / foreman | 1.7.1 | 1.7.1.x |
| theforeman / foreman | 1.5.1 | 1.5.1.x |
| theforeman / foreman | 1.14.3 | 1.14.3.x |
| theforeman / foreman | 1.8.2 | 1.8.2.x |
| theforeman / foreman | 1.14.0-rc2 | 1.14.0-rc2.x |
| theforeman / foreman | 1.14.1 | 1.14.1.x |
| theforeman / foreman | 1.12.0-rc1 | 1.12.0-rc1.x |
| theforeman / foreman | 1.6.0-rc2 | 1.6.0-rc2.x |
| theforeman / foreman | 1.7.0-rc1 | 1.7.0-rc1.x |
| theforeman / foreman | 1.6.1 | 1.6.1.x |
| theforeman / foreman | 1.14.0-rc3 | 1.14.0-rc3.x |
| theforeman / foreman | 1.9.2 | 1.9.2.x |
| theforeman / foreman | 1.11.2 | 1.11.2.x |
| theforeman / foreman | 1.5.0-rc1 | 1.5.0-rc1.x |
| theforeman / foreman | 1.13.1 | 1.13.1.x |
| theforeman / foreman | 1.8.0-rc3 | 1.8.0-rc3.x |
| theforeman / foreman | 1.12.1 | 1.12.1.x |
| theforeman / foreman | 1.11.0-rc2 | 1.11.0-rc2.x |
| theforeman / foreman | 1.10.0-rc2 | 1.10.0-rc2.x |
| theforeman / foreman | 1.9.0-rc2 | 1.9.0-rc2.x |
| theforeman / foreman | 1.12.4 | 1.12.4.x |
| theforeman / foreman | 1.7.2 | 1.7.2.x |
| theforeman / foreman | 1.7.3 | 1.7.3.x |
| theforeman / foreman | 1.11.1 | 1.11.1.x |
| theforeman / foreman | 1.14.0 | 1.14.0.x |
| theforeman / foreman | 1.13.2 | 1.13.2.x |
| theforeman / foreman | 1.11.0-rc3 | 1.11.0-rc3.x |
| theforeman / foreman | 1.14.0-rc1 | 1.14.0-rc1.x |
| theforeman / foreman | 1.9.0-rc3 | 1.9.0-rc3.x |
| theforeman / foreman | 1.10.0-rc3 | 1.10.0-rc3.x |
| theforeman / foreman | 1.6.0-rc1 | 1.6.0-rc1.x |
| theforeman / foreman | 1.12.0-rc2 | 1.12.0-rc2.x |
| theforeman / foreman | 1.8.0-rc1 | 1.8.0-rc1.x |