Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Published: 2016-08-19
Updated: 2024-11-21
Summary
The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Redhat
advisories | |
rpms | - foreman-0:1.11.0.51-1.el6sat
- foreman-0:1.11.0.51-1.el7sat
- foreman-compute-0:1.11.0.51-1.el6sat
- foreman-compute-0:1.11.0.51-1.el7sat
- foreman-debug-0:1.11.0.51-1.el6sat
- foreman-debug-0:1.11.0.51-1.el7sat
- foreman-ec2-0:1.11.0.51-1.el6sat
- foreman-ec2-0:1.11.0.51-1.el7sat
- foreman-gce-0:1.11.0.51-1.el6sat
- foreman-gce-0:1.11.0.51-1.el7sat
- foreman-installer-1:1.11.0.10-1.el6sat
- foreman-installer-1:1.11.0.10-1.el7sat
- foreman-libvirt-0:1.11.0.51-1.el6sat
- foreman-libvirt-0:1.11.0.51-1.el7sat
- foreman-openstack-0:1.11.0.51-1.el6sat
- foreman-openstack-0:1.11.0.51-1.el7sat
- foreman-ovirt-0:1.11.0.51-1.el6sat
- foreman-ovirt-0:1.11.0.51-1.el7sat
- foreman-postgresql-0:1.11.0.51-1.el6sat
- foreman-postgresql-0:1.11.0.51-1.el7sat
- foreman-proxy-0:1.11.0.5-1.el6sat
- foreman-proxy-0:1.11.0.5-1.el7sat
- foreman-rackspace-0:1.11.0.51-1.el6sat
- foreman-rackspace-0:1.11.0.51-1.el7sat
- foreman-vmware-0:1.11.0.51-1.el6sat
- foreman-vmware-0:1.11.0.51-1.el7sat
- pulp-admin-client-0:2.8.3.4-1.el6sat
- pulp-admin-client-0:2.8.3.4-1.el7sat
- pulp-nodes-child-0:2.8.3.4-1.el6sat
- pulp-nodes-child-0:2.8.3.4-1.el7sat
- pulp-nodes-common-0:2.8.3.4-1.el6sat
- pulp-nodes-common-0:2.8.3.4-1.el7sat
- pulp-nodes-parent-0:2.8.3.4-1.el6sat
- pulp-nodes-parent-0:2.8.3.4-1.el7sat
- pulp-selinux-0:2.8.3.4-1.el6sat
- pulp-selinux-0:2.8.3.4-1.el7sat
- pulp-server-0:2.8.3.4-1.el6sat
- pulp-server-0:2.8.3.4-1.el7sat
- python-pulp-agent-lib-0:2.8.3.4-1.el6sat
- python-pulp-agent-lib-0:2.8.3.4-1.el7sat
- python-pulp-bindings-0:2.8.3.4-1.el6sat
- python-pulp-bindings-0:2.8.3.4-1.el7sat
- python-pulp-client-lib-0:2.8.3.4-1.el6sat
- python-pulp-client-lib-0:2.8.3.4-1.el7sat
- python-pulp-common-0:2.8.3.4-1.el6sat
- python-pulp-common-0:2.8.3.4-1.el7sat
- python-pulp-oid_validation-0:2.8.3.4-1.el6sat
- python-pulp-oid_validation-0:2.8.3.4-1.el7sat
- python-pulp-repoauth-0:2.8.3.4-1.el6sat
- python-pulp-repoauth-0:2.8.3.4-1.el7sat
- python-pulp-streamer-0:2.8.3.4-1.el6sat
- python-pulp-streamer-0:2.8.3.4-1.el7sat
- satellite-0:6.2.1-1.2.el6sat
- satellite-0:6.2.1-1.2.el7sat
- satellite-capsule-0:6.2.1-1.2.el6sat
- satellite-capsule-0:6.2.1-1.2.el7sat
- satellite-cli-0:6.2.1-1.2.el6sat
- satellite-cli-0:6.2.1-1.2.el7sat
- satellite-debug-tools-0:6.2.1-1.2.el6sat
- satellite-debug-tools-0:6.2.1-1.2.el7sat
- tfm-rubygem-foreman_discovery-0:5.0.0.9-1.el6sat
- tfm-rubygem-foreman_discovery-0:5.0.0.9-1.el7sat
- tfm-rubygem-hammer_cli_foreman_admin-0:0.0.5-1.el6sat
- tfm-rubygem-hammer_cli_foreman_admin-0:0.0.5-1.el7sat
- tfm-rubygem-hammer_cli_katello-0:0.0.22.25-1.el6sat
- tfm-rubygem-hammer_cli_katello-0:0.0.22.25-1.el7sat
- tfm-rubygem-katello-0:3.0.0.70-1.el6sat
- tfm-rubygem-katello-0:3.0.0.70-1.el7sat
- tfm-rubygem-katello_ostree-0:3.0.0.70-1.el7sat
- tfm-rubygem-ovirt_provision_plugin-0:1.0.2-1.el6sat
- tfm-rubygem-ovirt_provision_plugin-0:1.0.2-1.el7sat
|