1232366 – (CVE-2015-3235) CVE-2015-3235 foreman: edit_users permission allows changing of admin passwords

Bug 1232366 (CVE-2015-3235) - CVE-2015-3235 foreman: edit_users permission allows changing of admin passwords

Summary: CVE-2015-3235 foreman: edit_users permission allows changing of admin passwords

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-3235
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1233084
Blocks:	1145400 1232367 1253077
TreeView+	depends on / blocked

Reported:	2015-06-16 14:52 UTC by Vasyl Kaigorodov
Modified:	2019-09-29 13:33 UTC (History)
CC List:	24 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	It was discovered that in Foreman the edit_users permissions (for example, granted to the Manager role) allowed the user to edit admin user passwords. An attacker with the edit_users permissions could use this flaw to access an admin user account, leading to an escalation of privileges.
Clone Of:
Environment:
Last Closed:	2016-02-22 03:08:42 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:1591	0	normal	SHIPPED_LIVE	Important: Red Hat Satellite 6.1.1 on RHEL 7	2015-08-12 08:49:40 UTC
Red Hat Product Errata	RHSA-2015:1592	0	normal	SHIPPED_LIVE	Important: Red Hat Satellite 6.1.1 on RHEL 6	2015-08-12 09:04:35 UTC

Description Vasyl Kaigorodov 2015-06-16 14:52:06 UTC

Dominic Cleal of Red Hat reported the below issue in Foreman:

A user with the edit_users permission (e.g. with the Manager role) is allowed to edit admin users. This allows them to change the password of the admin user's account and gain access to it.

Upstream bug: http://projects.theforeman.org/issues/10829
Upstream fix: pull request not yet merged, see upstream bug

Comment 1 Kurt Seifried 2015-07-29 17:17:12 UTC

Updated CVSS2 scoring.

Comment 2 errata-xmlrpc 2015-08-12 04:52:13 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.1

Via RHSA-2015:1591 https://access.redhat.com/errata/RHSA-2015:1591

Comment 3 errata-xmlrpc 2015-08-12 05:31:01 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.1

Via RHSA-2015:1592 https://access.redhat.com/errata/RHSA-2015:1592

Note You need to log in before you can comment on or make changes to this bug.

abaron
aortega
apevec
ayoung
bkearney
chrisw
cpelland
cperry
dallan
gkotton
gmollett
jrusnack
katello-bugs
lhh
lpeer
markmc
mburns
mmccune
ohadlevy
rbryant
rhos-maint
sclewis
tjay
yeylon