CVE-2015-1844

Published: Aug 14, 2015Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API.

Affected (1)

Products: Theforeman: Foreman

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Theforeman Foreman	Up to 1.7.4

Related CWEs

References (12)

http://projects.theforeman.org/issues/9947

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2015:1591

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2015:1592

Source: secalert@redhat.com

https://github.com/theforeman/foreman/pull/2273

Source: secalert@redhat.com

Patch

https://groups.google.com/forum/#%21topic/foreman-announce/37KYWhIk4FY

Source: secalert@redhat.com

https://groups.google.com/forum/#%21topic/foreman-users/qAGZh5n6n6M

Source: secalert@redhat.com

http://projects.theforeman.org/issues/9947

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2015:1591

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2015:1592

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/theforeman/foreman/pull/2273

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://groups.google.com/forum/#%21topic/foreman-announce/37KYWhIk4FY

Source: af854a3a-2127-422b-91ae-364da2661108

https://groups.google.com/forum/#%21topic/foreman-users/qAGZh5n6n6M

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.