CVE-2015-1816

foreman: lack of SSL certificate validation when performing LDAPS authentication

Severity Score

5.9

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate.

Vulnerabilidad en Foreman en versiones anteriores a 1.7.4, no verifica certificados SSL para conexiones LDAP, lo que permite a atacantes man-in-the-middle suplantar servidores LDAP a través de un certificado manipulado.

It was found that when making an SSL connection to an LDAP authentication source in Foreman, the remote server certificate was accepted without any verification against known certificate authorities, potentially making TLS connections vulnerable to man-in-the-middle attacks.

Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. It performs provisioning and configuration management of predefined standard operating environments. This update provides Satellite 6.1 packages for Red Hat Enterprise Linux 7. It was discovered that in Foreman the edit_users permissions allowed the user to edit admin user passwords. An attacker with the edit_users permissions could use this flaw to access an admin user account, leading to an escalation of privileges.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-02-17 CVE Reserved
2015-08-12 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-295: Improper Certificate Validation
CWE-310: Cryptographic Issues

CAPEC

References (7)

URL	Tag	Source
https://github.com/theforeman/foreman/pull/2265	X_refsource_confirm
https://groups.google.com/forum/#%21topic/foreman-announce/9ZnuPcplNLI	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://projects.theforeman.org/issues/9858	2023-11-07
https://access.redhat.com/errata/RHSA-2015:1591	2023-11-07
https://access.redhat.com/errata/RHSA-2015:1592	2023-11-07
https://access.redhat.com/security/cve/CVE-2015-1816	2015-08-12
https://bugzilla.redhat.com/show_bug.cgi?id=1208602	2015-08-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Theforeman Search vendor "Theforeman"		Foreman Search vendor "Theforeman" for product "Foreman"				<= 1.7.3 Search vendor "Theforeman" for product "Foreman" and version " <= 1.7.3"		-		Affected