CVE Vulnerabilities

CVE-2015-5233

Published: Apr 11, 2016 | Modified: Feb 13, 2023
CVSS 3.x
4.2
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CVSS 2.x
6 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
RedHat/V2
5.5 MODERATE
AV:N/AC:L/Au:S/C:P/I:N/A:P
RedHat/V3
Ubuntu

Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs.

Affected Software

Name Vendor Start Version End Version
Foreman Theforeman * 1.8.3 (including)
Foreman Theforeman 1.9.0 (including) 1.9.0 (including)
Red Hat Satellite 6.1 RedHat foreman-0:1.7.2.49-1.el7sat *
Red Hat Satellite 6.1 RedHat foreman-discovery-image-0:3.0.5-3 *
Red Hat Satellite 6.1 RedHat foreman-proxy-0:1.7.2.7-1.el7sat *
Red Hat Satellite 6.1 RedHat gofer-0:2.6.8-1.el6 *
Red Hat Satellite 6.1 RedHat katello-agent-0:2.2.6-1.el7sat *
Red Hat Satellite 6.1 RedHat katello-installer-base-0:2.3.22-1.el6 *
Red Hat Satellite 6.1 RedHat python-nectar-0:1.3.4-1.el6 *
Red Hat Satellite 6.1 RedHat python-qpid-0:0.30-7.el6 *
Red Hat Satellite 6.1 RedHat qpid-dispatch-0:0.4-11.el7 *
Red Hat Satellite 6.1 RedHat qpid-proton-0:0.9-11.el6 *
Red Hat Satellite 6.1 RedHat ruby193-rubygem-foreman_bootdisk-0:4.0.2.14-1.el6_6sat *
Red Hat Satellite 6.1 RedHat ruby193-rubygem-foreman_discovery-0:2.0.0.23-1.el6_6sat *
Red Hat Satellite 6.1 RedHat ruby193-rubygem-foreman-redhat_access-0:0.2.4-1.el7sat *
Red Hat Satellite 6.1 RedHat ruby193-rubygem-katello-0:2.2.0.77-1.el7sat *
Red Hat Satellite 6.1 RedHat ruby193-rubygem-redhat_access_lib-0:0.0.6-1.el7sat *
Red Hat Satellite 6.1 RedHat rubygem-hammer_cli_foreman_docker-0:0.0.3.10-1.el7sat *
Red Hat Satellite 6.1 RedHat rubygem-newt-0:0.9.6-1.el7sat *
Red Hat Satellite 6.1 RedHat rubygem-smart_proxy_discovery-0:1.0.3-2.el6 *
Red Hat Satellite 6.1 RedHat rubygem-smart_proxy_discovery_image-0:1.0.5-3.el6 *
Red Hat Satellite 6.1 RedHat foreman-0:1.7.2.49-1.el7sat *
Red Hat Satellite 6.1 RedHat foreman-discovery-image-0:3.0.5-3 *
Red Hat Satellite 6.1 RedHat foreman-proxy-0:1.7.2.7-1.el7sat *
Red Hat Satellite 6.1 RedHat gofer-0:2.6.8-1.el6 *
Red Hat Satellite 6.1 RedHat katello-agent-0:2.2.6-1.el7sat *
Red Hat Satellite 6.1 RedHat katello-installer-base-0:2.3.22-1.el6 *
Red Hat Satellite 6.1 RedHat python-nectar-0:1.3.4-1.el6 *
Red Hat Satellite 6.1 RedHat python-qpid-0:0.30-7.el6 *
Red Hat Satellite 6.1 RedHat qpid-dispatch-0:0.4-11.el7 *
Red Hat Satellite 6.1 RedHat qpid-proton-0:0.9-11.el6 *
Red Hat Satellite 6.1 RedHat ruby193-rubygem-foreman_bootdisk-0:4.0.2.14-1.el6_6sat *
Red Hat Satellite 6.1 RedHat ruby193-rubygem-foreman_discovery-0:2.0.0.23-1.el6_6sat *
Red Hat Satellite 6.1 RedHat ruby193-rubygem-foreman-redhat_access-0:0.2.4-1.el7sat *
Red Hat Satellite 6.1 RedHat ruby193-rubygem-katello-0:2.2.0.77-1.el7sat *
Red Hat Satellite 6.1 RedHat ruby193-rubygem-redhat_access_lib-0:0.0.6-1.el7sat *
Red Hat Satellite 6.1 RedHat rubygem-hammer_cli_foreman_docker-0:0.0.3.10-1.el7sat *
Red Hat Satellite 6.1 RedHat rubygem-newt-0:0.9.6-1.el7sat *
Red Hat Satellite 6.1 RedHat rubygem-smart_proxy_discovery-0:1.0.3-2.el6 *
Red Hat Satellite 6.1 RedHat rubygem-smart_proxy_discovery_image-0:1.0.5-3.el6 *

References