What is CVE-2017-7505?

CVE-2017-7505 is a high-severity vulnerability in Foreman, classified under Incorrect Authorization. CVSS score: 8.8/10. Published 2017-05-26.

How severe is CVE-2017-7505?

High severity. CVSS v3 base score is 8.8 out of 10.

Auth bypass in Foreman

CVE-2017-7505

Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator…

Vulnerability class: Broken Access Control

EPSS: 0.003 (54.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Foreman — versions 1.5 and higher
Theforeman Foreman — versions 1.5.0, 1.5.1, 1.5.2

Weakness classification (CWE)

References

secalert@redhat.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Issue Tracking, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2017-7505?: CVE-2017-7505 is a high-severity vulnerability in Foreman, classified under Incorrect Authorization. CVSS score: 8.8/10. Published 2017-05-26.
How severe is CVE-2017-7505?: High severity. CVSS v3 base score is 8.8 out of 10.