Dominic Cleal of Red Hat reported the below issue in Foreman: A user with the edit_users permission (e.g. with the Manager role) is allowed to edit admin users. This allows them to change the password of the admin user's account and gain access to it. Upstream bug: http://projects.theforeman.org/issues/10829 Upstream fix: pull request not yet merged, see upstream bug
Updated CVSS2 scoring.
This issue has been addressed in the following products: Red Hat Satellite 6.1 Via RHSA-2015:1591 https://access.redhat.com/errata/RHSA-2015:1591
This issue has been addressed in the following products: Red Hat Satellite 6.1 Via RHSA-2015:1592 https://access.redhat.com/errata/RHSA-2015:1592