Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Foreman | Theforeman | 1.5.0 (including) | 1.5.0 (including) |
| Foreman | Theforeman | 1.5.0-rc1 (including) | 1.5.0-rc1 (including) |
| Foreman | Theforeman | 1.5.0-rc2 (including) | 1.5.0-rc2 (including) |
| Foreman | Theforeman | 1.5.1 (including) | 1.5.1 (including) |
| Foreman | Theforeman | 1.5.2 (including) | 1.5.2 (including) |
| Foreman | Theforeman | 1.5.3 (including) | 1.5.3 (including) |
| Foreman | Theforeman | 1.6.0 (including) | 1.6.0 (including) |
| Foreman | Theforeman | 1.6.0-rc1 (including) | 1.6.0-rc1 (including) |
| Foreman | Theforeman | 1.6.0-rc2 (including) | 1.6.0-rc2 (including) |
| Foreman | Theforeman | 1.6.1 (including) | 1.6.1 (including) |
| Foreman | Theforeman | 1.6.3 (including) | 1.6.3 (including) |
| Foreman | Theforeman | 1.7.0 (including) | 1.7.0 (including) |
| Foreman | Theforeman | 1.7.0-rc1 (including) | 1.7.0-rc1 (including) |
| Foreman | Theforeman | 1.7.0-rc2 (including) | 1.7.0-rc2 (including) |
| Foreman | Theforeman | 1.7.1 (including) | 1.7.1 (including) |
| Foreman | Theforeman | 1.7.2 (including) | 1.7.2 (including) |
| Foreman | Theforeman | 1.7.3 (including) | 1.7.3 (including) |
| Foreman | Theforeman | 1.7.4 (including) | 1.7.4 (including) |
| Foreman | Theforeman | 1.7.5 (including) | 1.7.5 (including) |
| Foreman | Theforeman | 1.8.0 (including) | 1.8.0 (including) |
| Foreman | Theforeman | 1.8.0-rc1 (including) | 1.8.0-rc1 (including) |
| Foreman | Theforeman | 1.8.0-rc2 (including) | 1.8.0-rc2 (including) |
| Foreman | Theforeman | 1.8.0-rc3 (including) | 1.8.0-rc3 (including) |
| Foreman | Theforeman | 1.8.1 (including) | 1.8.1 (including) |
| Foreman | Theforeman | 1.8.2 (including) | 1.8.2 (including) |
| Foreman | Theforeman | 1.8.3 (including) | 1.8.3 (including) |
| Foreman | Theforeman | 1.8.4 (including) | 1.8.4 (including) |
| Foreman | Theforeman | 1.9.0 (including) | 1.9.0 (including) |
| Foreman | Theforeman | 1.9.0-rc1 (including) | 1.9.0-rc1 (including) |
| Foreman | Theforeman | 1.9.0-rc2 (including) | 1.9.0-rc2 (including) |
| Foreman | Theforeman | 1.9.0-rc3 (including) | 1.9.0-rc3 (including) |
| Foreman | Theforeman | 1.9.1 (including) | 1.9.1 (including) |
| Foreman | Theforeman | 1.9.2 (including) | 1.9.2 (including) |
| Foreman | Theforeman | 1.9.3 (including) | 1.9.3 (including) |
| Foreman | Theforeman | 1.10.0 (including) | 1.10.0 (including) |
| Foreman | Theforeman | 1.10.0-rc1 (including) | 1.10.0-rc1 (including) |
| Foreman | Theforeman | 1.10.0-rc2 (including) | 1.10.0-rc2 (including) |
| Foreman | Theforeman | 1.10.0-rc3 (including) | 1.10.0-rc3 (including) |
| Foreman | Theforeman | 1.10.1 (including) | 1.10.1 (including) |
| Foreman | Theforeman | 1.10.2 (including) | 1.10.2 (including) |
| Foreman | Theforeman | 1.10.3 (including) | 1.10.3 (including) |
| Foreman | Theforeman | 1.10.4 (including) | 1.10.4 (including) |
| Foreman | Theforeman | 1.11.0 (including) | 1.11.0 (including) |
| Foreman | Theforeman | 1.11.0-rc1 (including) | 1.11.0-rc1 (including) |
| Foreman | Theforeman | 1.11.0-rc2 (including) | 1.11.0-rc2 (including) |
| Foreman | Theforeman | 1.11.0-rc3 (including) | 1.11.0-rc3 (including) |
| Foreman | Theforeman | 1.11.1 (including) | 1.11.1 (including) |
| Foreman | Theforeman | 1.11.2 (including) | 1.11.2 (including) |
| Foreman | Theforeman | 1.11.3 (including) | 1.11.3 (including) |
| Foreman | Theforeman | 1.11.4 (including) | 1.11.4 (including) |
| Foreman | Theforeman | 1.12.0 (including) | 1.12.0 (including) |
| Foreman | Theforeman | 1.12.0-rc1 (including) | 1.12.0-rc1 (including) |
| Foreman | Theforeman | 1.12.0-rc2 (including) | 1.12.0-rc2 (including) |
| Foreman | Theforeman | 1.12.0-rc3 (including) | 1.12.0-rc3 (including) |
| Foreman | Theforeman | 1.12.1 (including) | 1.12.1 (including) |
| Foreman | Theforeman | 1.12.2 (including) | 1.12.2 (including) |
| Foreman | Theforeman | 1.12.3 (including) | 1.12.3 (including) |
| Foreman | Theforeman | 1.12.4 (including) | 1.12.4 (including) |
| Foreman | Theforeman | 1.13.0 (including) | 1.13.0 (including) |
| Foreman | Theforeman | 1.13.0-rc1 (including) | 1.13.0-rc1 (including) |
| Foreman | Theforeman | 1.13.0-rc2 (including) | 1.13.0-rc2 (including) |
| Foreman | Theforeman | 1.13.1 (including) | 1.13.1 (including) |
| Foreman | Theforeman | 1.13.2 (including) | 1.13.2 (including) |
| Foreman | Theforeman | 1.13.3 (including) | 1.13.3 (including) |
| Foreman | Theforeman | 1.13.4 (including) | 1.13.4 (including) |
| Foreman | Theforeman | 1.14.0 (including) | 1.14.0 (including) |
| Foreman | Theforeman | 1.14.0-rc1 (including) | 1.14.0-rc1 (including) |
| Foreman | Theforeman | 1.14.0-rc2 (including) | 1.14.0-rc2 (including) |
| Foreman | Theforeman | 1.14.0-rc3 (including) | 1.14.0-rc3 (including) |
| Foreman | Theforeman | 1.14.1 (including) | 1.14.1 (including) |
| Foreman | Theforeman | 1.14.2 (including) | 1.14.2 (including) |
| Foreman | Theforeman | 1.14.3 (including) | 1.14.3 (including) |
| Foreman | Theforeman | 1.15.0 (including) | 1.15.0 (including) |
| Foreman | Theforeman | 1.15.0-rc1 (including) | 1.15.0-rc1 (including) |
| Foreman | Theforeman | 1.15.0-rc2 (including) | 1.15.0-rc2 (including) |