Bug 1339889 (CVE-2016-4451) - CVE-2016-4451 foreman: privilege escalation through Organization and Locations API
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-4451
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1340107
Blocks: 1339890 1432305
Reported: 2016-05-26 05:36 UTC by Martin Prpič
Modified: 2021-10-21 00:52 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2021-10-21 00:52:38 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0336 0 normal SHIPPED_LIVE Important: Satellite 6.3 security, bug fix, and enhancement update 2018-02-21 22:43:42 UTC

Description Martin Prpič 2016-05-26 05:36:10 UTC
Marek Hulán of Red Hat reports:

When accessing Foreman as a user limited to a specific organization, having access to other organization IDs and having unlimited filters could allow a user to access/modify other organization data by using the organization ID as an API parameter.

Upstream bug:

http://projects.theforeman.org/issues/15182

Upstream patch:

https://github.com/theforeman/foreman/pull/3553/commits/42066cfa19de316449954079c07bdf1e4cc5eb0a
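The flaw class described above is a caller-supplied tenant identifier being used to fetch a record without checking that the requesting user is a member of that tenant. The following Ruby sketch is an added illustration for this record, not Foreman's code and not the upstream patch: the `Organization`/`User` structs, the `find_organization_*` and `update_organization!` names, and the in-memory fixture are all constructed here to contrast the unscoped lookup with a lookup scoped to the user's own organizations.

```ruby
# Added illustration (not Foreman's code): tenant-scoped lookups for an
# organization-scoped API. Constructed in-memory data stands in for the
# database; the user and organization names are made up.
require 'set'

Organization = Struct.new(:id, :name)
User = Struct.new(:login, :organization_ids)

# Constructed fixture: two tenants, one user who belongs only to org 1.
ORGANIZATIONS = {
  1 => Organization.new(1, 'org-a'),
  2 => Organization.new(2, 'org-b'),
}.freeze
LIMITED_USER = User.new('alice', Set[1]).freeze

class NotAuthorized < StandardError; end

# Flawed pattern: the caller-supplied organization_id is used to fetch the
# record directly, so membership is never consulted. A user who knows
# another organization's ID can read or modify its data.
def find_organization_unscoped(_user, requested_id)
  ORGANIZATIONS.fetch(requested_id.to_i, nil)
end

# Hardened pattern: the lookup is scoped to the set of organizations the
# user actually belongs to. IDs outside that set give the same result as a
# nonexistent ID, so the response does not confirm another tenant exists.
def find_organization_scoped(user, requested_id)
  id = Integer(requested_id, exception: false)
  return nil unless id && user.organization_ids.include?(id)
  ORGANIZATIONS.fetch(id, nil)
end

# Controller-style guard: resolve through the scoped lookup and fail closed
# before any write is attempted.
def update_organization!(user, requested_id, new_name)
  org = find_organization_scoped(user, requested_id)
  raise NotAuthorized, "organization #{requested_id} is not accessible" unless org
  org.name = new_name
  org
end

if __FILE__ == $PROGRAM_NAME
  puts find_organization_unscoped(LIMITED_USER, '2')&.name   # other tenant's record is returned
  puts find_organization_scoped(LIMITED_USER, '2').inspect   # nil
end
```

In a real Rails application the equivalent of `find_organization_scoped` is querying through the current user's association (for example `current_user.organizations.find_by(id: params[:organization_id])`) rather than the unscoped model, so that the authorization decision is made by the query itself and cannot be skipped by a forgotten check in one controller action.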

Comment 2 Kurt Seifried 2017-07-15 01:57:26 UTC
Acknowledgments:

Name: Marek Hulán (Red Hat)

Comment 4 errata-xmlrpc 2018-02-21 12:27:16 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.3 for RHEL 7

Via RHSA-2018:0336 https://access.redhat.com/errata/RHSA-2018:0336

