CVE-2015-3235

Published: 14/08/2015 Updated: 13/02/2023
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
VMScore: 534
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

Foreman prior to 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.

Vulnerable Product

theforeman foreman

Vendor Advisories

It was discovered that in Foreman the edit_users permissions (for example, granted to the Manager role) allowed the user to edit admin user passwords. An attacker with the edit_users permissions could use this flaw to access an admin user account, leading to an escalation of privileges ...