Vulnerability in Theforeman Foreman

CVE-2015-3235

Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.

EPSS: 0.006 (69.0th percentile) — read the EPSS interpretation.

Affected products

Theforeman Foreman
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2015:1592 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2015:1591 (x_refsource_REDHAT, vendor-advisory)