Project

General

Custom queries

Profile

Actions
Copy link

Bug #15490

closed

CVE-2016-4995 - view_hosts permissions/filters not checked for provisioning template previews

Added by Dominic Cleal almost 9 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Lukas Zapletal
Category:
Security
Target version:
1.11.4
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/2428
Fixed in Releases:
Found in Releases:
1.11.0
Red Hat JIRA:

Description

Users who are logged in with permissions to view some hosts are able to preview provisioning templates for any host by specifying its hostname in the URL, as the specific view_hosts permissions and filters aren't checked. If the organization or location features are enabled, the user will still be restricted to their associated orgs/locs.

This can disclose configuration information about the host, including root password hashes if used in preseed/kickstart templates.

Foreman versions 1.11.0 and higher are vulnerable.

Related issues 2 (0 open2 closed)

Related to Foreman - Refactor #13039: Remove DB queries from class of UnattendedControllerClosedDominic Cleal01/07/2016Actions
Related to Foreman - Bug #10689: Unattended controller permission check does not workDuplicateLukas Zapletal06/03/2015Actions
Actions
Copy link
 #3

Updated by Dominic Cleal almost 9 years ago

This vuln was introduced by #13039, but the patch for #10689 (which itself is now resolved) should serve to fix the issue when the ticket number's updated.

Actions
Copy link
 #7

Updated by Lukas Zapletal over 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF