SB2017052611 - Multiple vulnerabilities in Foreman
Published: May 26, 2017 Updated: August 8, 2020
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2016-7078)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
Foreman before version 1.15.0 is vulnerable to an information leak through the organizations and locations feature. When a user is assigned no organizations or locations at all, the taxonomy scope is not applied and the user can view all resources instead of none, mirroring an administrator's view. The user's actions are still limited by their assigned permissions (for example the permissions that control viewing, editing and deletion), so the impact is disclosure of resources outside the user's intended scope rather than unrestricted modification.
2) Improper Privilege Management (CVE-ID: CVE-2017-7505)
The vulnerability allows a remote authenticated user to escalate privileges.
Foreman since version 1.5 is vulnerable to an incorrect authorization check, due to which users with user management permissions who are assigned to some organization(s) can perform every operation granted by those permissions on administrator user objects outside of their scope, such as editing global admin accounts, including changing their passwords. Because a changed admin password hands the attacker a full administrator session, any account holding user management permissions should be treated as equivalent to an administrator on an unpatched instance.
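As an added illustration (this is not Foreman's code and is not taken from this bulletin or the referenced commits), the following Ruby models both authorization defects in the shape they typically take: an empty taxonomy assignment treated as "no filter to apply" (CVE-2016-7078), and a user-management scope check that administrator accounts, which carry no organization binding, satisfy vacuously (CVE-2017-7505). Only organizations are modelled, not locations. The User and Host structures, the permission names, the sample accounts and the unscoped_non_admins audit helper are invented for the example, and the hardened variants show one reasonable policy, not necessarily the exact change the upstream fixes made.

```ruby
# Illustrative model of the two scoping bugs described in the bulletin.
# NOT Foreman's code: data model, permission names and policy are invented here.
require 'set'

User = Struct.new(:login, :admin, :org_ids, :permissions, keyword_init: true)
Host = Struct.new(:name, :org_id, keyword_init: true)

# Constructed sample data: three hosts in three organizations, one admin,
# one scoped user manager, one newly created user with no organization yet.
HOSTS = [
  Host.new(name: 'web1', org_id: 1),
  Host.new(name: 'db1',  org_id: 2),
  Host.new(name: 'ci1',  org_id: 3)
].freeze

USERS = {
  'root'   => User.new(login: 'root',   admin: true,  org_ids: [],  permissions: Set['view_hosts', 'edit_users']),
  'alice'  => User.new(login: 'alice',  admin: false, org_ids: [1], permissions: Set['view_hosts', 'edit_users']),
  'newbie' => User.new(login: 'newbie', admin: false, org_ids: [],  permissions: Set['view_hosts'])
}.freeze

# ---- CVE-2016-7078 shape: taxonomy scoping of resources ----------------------

# Vulnerable: an empty organization assignment is read as "nothing to filter
# on", so the scope is skipped and the user sees everything, like an admin.
def visible_hosts_vulnerable(user, hosts = HOSTS)
  return [] unless user.permissions.include?('view_hosts') # permissions still apply
  return hosts if user.admin
  return hosts if user.org_ids.empty? # BUG: empty scope treated as unrestricted
  hosts.select { |h| user.org_ids.include?(h.org_id) }
end

# Fixed: only admins are unscoped; a non-admin with no organizations sees nothing.
def visible_hosts_fixed(user, hosts = HOSTS)
  return [] unless user.permissions.include?('view_hosts')
  return hosts if user.admin
  hosts.select { |h| user.org_ids.include?(h.org_id) } # [] when org_ids is empty
end

# ---- CVE-2017-7505 shape: scope check on user-management operations ---------

# Vulnerable: "is the target in my scope?" is answered by shared organizations,
# and accounts without any organization (which is what admins look like) are
# treated as in scope for everyone. A scoped user manager can therefore edit
# any global admin, password included.
def can_edit_user_vulnerable?(actor, target)
  return true if actor.admin
  return false unless actor.permissions.include?('edit_users')
  target.org_ids.empty? || (actor.org_ids & target.org_ids).any? # BUG: admins match
end

# Fixed (one reasonable policy): non-admins never manage admin accounts, and a
# target must share an organization with the actor to be in scope.
def can_edit_user_fixed?(actor, target)
  return true if actor.admin
  return false unless actor.permissions.include?('edit_users')
  return false if target.admin
  (actor.org_ids & target.org_ids).any?
end

# Audit helper (invented name): on an unpatched instance, these accounts are the
# ones the first issue turns into read-everything accounts.
def unscoped_non_admins(users = USERS)
  users.values.reject(&:admin).select { |u| u.org_ids.empty? }.map(&:login)
end

if __FILE__ == $PROGRAM_NAME
  newbie, alice, root = USERS.values_at('newbie', 'alice', 'root')
  puts "newbie sees (vulnerable): #{visible_hosts_vulnerable(newbie).map(&:name)}"
  puts "newbie sees (fixed):      #{visible_hosts_fixed(newbie).map(&:name)}"
  puts "alice can edit root (vulnerable): #{can_edit_user_vulnerable?(alice, root)}"
  puts "alice can edit root (fixed):      #{can_edit_user_fixed?(alice, root)}"
  puts "non-admins with no organization: #{unscoped_non_admins}"
end
```

The two bugs share a root cause worth checking for in any multi-tenant authorization layer: a scope expressed as "filter by the set of things the caller is assigned to" silently becomes "no filter" whenever that set, or the target's set, is empty. The hardened functions make the empty case explicit instead of letting it fall through.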
Remediation
Upgrade Foreman to a release that contains the fixes referenced below (1.15.0 or later resolves CVE-2016-7078; the fix for CVE-2017-7505 is tracked in issue #19612 and pull request #4545). Until the upgrade is applied, review which non-admin accounts have no organizations or locations assigned, and restrict user management permissions to accounts that are trusted with administrator-level access.
References
- http://www.securityfocus.com/bid/96385
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078
- https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905
- https://projects.theforeman.org/issues/16982
- https://seclists.org/oss-sec/2017/q1/470
- https://theforeman.org/security.html#2016-7078
- http://projects.theforeman.org/issues/19612
- http://www.securityfocus.com/bid/98607
- https://github.com/theforeman/foreman/pull/4545