VYPR
Get started
← All advisories
High severity8.8NVD Advisory· Published May 26, 2017· Updated May 13, 2026

CVE-2017-7505

CVE-2017-7505

Description

Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.

Affected products

76
  • Theforeman/Foreman75 versions
    cpe:2.3:a:theforeman:foreman:1.13.2:*:*:*:*:*:*:*+ 74 more
    • cpe:2.3:a:theforeman:foreman:1.13.2:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.13.3:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.13.4:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.14.0:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.14.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.14.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.14.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.14.2:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.14.3:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.15.0:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.15.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.15.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.5.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.5.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.6.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.6.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.8.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.8.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.8.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.9.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.9.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.9.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.10.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.10.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.10.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.10.3:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.10.4:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.11.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.11.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.11.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.11.3:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.11.4:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.12.0:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.12.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.12.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.12.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.12.1:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.12.2:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.12.3:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.12.4:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.13.0:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.13.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.13.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:foreman:1.13.1:*:*:*:*:*:*:*
  • Foreman/foremanv5
    Range: 1.5 and higher

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.