Main Vulnerability Database Vulnerabilities #VU38131

Security Features in Foreman - CVE-2015-5246

Published: October 6, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38131

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2015-5246

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Foreman

Affected software:
Foreman

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.

How to mitigate CVE-2015-5246

Install update from vendor's website.

Sources

http://projects.theforeman.org/issues/11471
https://bugzilla.redhat.com/show_bug.cgi?id=1258700

Security Features in Foreman - CVE-2015-5246

Detailed vulnerability description

How to mitigate CVE-2015-5246

Sources

Please verify you're human