Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
Foreman 安全漏洞
Vulnerability Description
Foreman是一套用于物理和虚拟服务器中的生命周期管理工具。该工具提供服务开通、配置管理以及报告状态等功能。 Foreman 1.15.1之前的版本中存在身份验证漏洞。攻击者可利用该漏洞以管理员权限执行未授权的操作。
CVSS Information
N/A
Vulnerability Type
N/A