Privilege Escalation: Remote Authenticated Users can Edit Administrator Users and Change Passwords in Foreman before 1.9.0

Privilege Escalation: Remote Authenticated Users can Edit Administrator Users and Change Passwords in Foreman before 1.9.0

CVE-2015-3235 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.

Learn more about our User Device Pen Test.