Project

General

Profile

Actions

Bug #2630

closed

Users with create/edit user permissions can escalate to admin

Added by Dominic Cleal over 11 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
Urgent
Assignee:
Category:
Security
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Any non-admin user with permissions to create or edit other users is able to change the admin flag, or assign roles that they themselves don't have, enabling a privilege escalation.

By default, Foreman ships with a "Site manager" role which has the edit_users permission. Any user assigned this role, or another with equivalent permissions, would be able to enable the admin flag or other roles on a user account.

This security issue has been assigned the identifier CVE-2013-2113. It affects all Foreman versions prior to 1.2.0-RC2.

Thank you to Ramon de C Valle for identifying and notifying us of this vulnerability.

Actions

Also available in: Atom PDF