CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5233 – foreman: reports show/destroy not restricted by host authorization
https://notcve.org/view.php?id=CVE-2015-5233
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs. Foreman en versiones anteriores a 1.8.4 y 1.9.x en versiones anteriores a 1.9.1 no aplica correctamente los permisos view_hosts, lo que permite (1) a usuarios remotos autenticados con el permiso view_reports leer informes desde hosts arbitrarios o (2) a usuarios remotos autenticados con el permiso destroy_reports borrar informes desde hosts arbitrarios a través del acceso directo a (a) las páginas show/delete del informe individual o (b) APIs. A flaw was discovered where Satellite failed to properly enforce permissions on the show and delete actions for reports. An authenticated user with show or delete report permissions could use this flaw to view or delete any reports held in Foreman. • http://projects.theforeman.org/issues/11579 http://theforeman.org/security.html#CVE-2015-5233:reportsshow/destroynotrestrictedbyhostauthorization https://access.redhat.com/errata/RHSA-2015:2622 https://access.redhat.com/security/cve/CVE-2015-5233 https://bugzilla.redhat.com/show_bug.cgi?id=1262443 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3235 – foreman: edit_users permission allows changing of admin passwords
https://notcve.org/view.php?id=CVE-2015-3235
Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors. Vulnerabilidad en Foreman en versiones anteriores a 1.9.0, permite a usuarios remotos autenticados con el permiso edit_users editar a usuarios administradores y cambiar sus contraseñas a través de vectores no especificados. It was discovered that in Foreman the edit_users permissions (for example, granted to the Manager role) allowed the user to edit admin user passwords. An attacker with the edit_users permissions could use this flaw to access an admin user account, leading to an escalation of privileges. • http://projects.theforeman.org/issues/10829 http://theforeman.org/manuals/1.9/index.html#Releasenotesfor1.9 https://access.redhat.com/errata/RHSA-2015:1591 https://access.redhat.com/errata/RHSA-2015:1592 https://bugzilla.redhat.com/show_bug.cgi?id=1232366 https://access.redhat.com/security/cve/CVE-2015-3235 • CWE-264: Permissions, Privileges, and Access Controls CWE-266: Incorrect Privilege Assignment •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1816 – foreman: lack of SSL certificate validation when performing LDAPS authentication
https://notcve.org/view.php?id=CVE-2015-1816
Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate. Vulnerabilidad en Foreman en versiones anteriores a 1.7.4, no verifica certificados SSL para conexiones LDAP, lo que permite a atacantes man-in-the-middle suplantar servidores LDAP a través de un certificado manipulado. It was found that when making an SSL connection to an LDAP authentication source in Foreman, the remote server certificate was accepted without any verification against known certificate authorities, potentially making TLS connections vulnerable to man-in-the-middle attacks. • http://projects.theforeman.org/issues/9858 https://access.redhat.com/errata/RHSA-2015:1591 https://access.redhat.com/errata/RHSA-2015:1592 https://github.com/theforeman/foreman/pull/2265 https://groups.google.com/forum/#%21topic/foreman-announce/9ZnuPcplNLI https://access.redhat.com/security/cve/CVE-2015-1816 https://bugzilla.redhat.com/show_bug.cgi?id=1208602 • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1844 – foreman: API not scoping resources to taxonomies
https://notcve.org/view.php?id=CVE-2015-1844
Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API. Vulnerabilidad en Foreman en versiones anteriores a 1.7.5, permite a usuarios remotos autenticados eludir las restricciones de organización y localización conectándose a través de la API REST. A flaw was found in the way foreman authorized user actions on resources via the API when an organization was not explicitly set. A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access. • http://projects.theforeman.org/issues/9947 https://access.redhat.com/errata/RHSA-2015:1591 https://access.redhat.com/errata/RHSA-2015:1592 https://github.com/theforeman/foreman/pull/2273 https://groups.google.com/forum/#%21topic/foreman-announce/37KYWhIk4FY https://groups.google.com/forum/#%21topic/foreman-users/qAGZh5n6n6M https://access.redhat.com/security/cve/CVE-2015-1844 https://bugzilla.redhat.com/show_bug.cgi?id=1207589 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3155 – foreman: the _session_id cookie is issued without the Secure flag
https://notcve.org/view.php?id=CVE-2015-3155
Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. Vulnerabilidad en Foreman en versiones anteriores a 1.8.1, no configura el indicador de seguridad para la cookie the _session_id en una sesión https, lo que facilita a atacantes remotos capturar esta cookie interceptando su transmisión dentro de una sesión http. It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie. • http://projects.theforeman.org/issues/10275 https://access.redhat.com/errata/RHSA-2015:1591 https://access.redhat.com/errata/RHSA-2015:1592 https://bugzilla.redhat.com/show_bug.cgi?id=1216035 https://github.com/theforeman/foreman/pull/2328 https://groups.google.com/forum/#%21topic/foreman-announce/QPtN0h04jdo https://access.redhat.com/security/cve/CVE-2015-3155 • CWE-284: Improper Access Control •