CVE-2017-7505

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-7505
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7505.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-7505
Published
2017-05-26T16:29:00.307Z
Modified
2026-03-20T03:18:56.209185Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.

References

Affected packages

Git / github.com/theforeman/foreman

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b87baf4a92103015572464391e95574fede5f7c3
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.3"
        }
    ]
}
Type
GIT
Repo
https://github.com/theforeman/smart-proxy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
51bf654536f7464a69349fd27d6ecc7bfffb1923
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f5012a2b541c9b3e544625ec8a7fcfb036a08e37
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
02f7a9a670fa30c101422f8fe3de67822097be9d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bbb47d4d983bc5dff6d86d77ac4b5ce6934c2fa7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
662c3fd484297d4a91b352cbf92d3c4ef8d85ca7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b0b1c8fe2f1974a5577339ed07817ea9db961bad
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c7afc2bc74c22d6485a1d9dfd78c9a742907ca92
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c7227524f407778f0702a3f94a9f5f460a22c6be
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5ac851c834c23a87703a4e6043aa8e12745ef71c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3c9868d390ed8482553eaaaf9a90ac604d5276c3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
260fe00d2c2924a3902f1830c256c6234e13ef15
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3870505c916123eb5b35527a3a42285bb1e75d7e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
06d6bd133ae39eb0c405d073e56712e9cc8b3b61
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e57e7bc2353d92963a8c708a03e0b4f36a8e244b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c2488acb000919cdbac96e807d320a35bd15eb35
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
09597ed37e9dc421adb372059cf924de5655a8d4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ac21bad85f7d40f575c60eaee7216293ea70c60b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
748c45ca366ea2c6e970035dfc0007bfdf65ad10
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4dfba56addc09ed30838b647d2360fe249e4ce9a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1a5f498c3fb0acf16a3f7968d2333e3789cfcadc
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2f4405d9302ee10ac94b453f057281d21fae6de7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ba2fa0c6076eadb8600859a9f22e83880c6536a3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
20af472193621cc280eaf52a60aebe5e837a0f72
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
32dd0f0b4bbf62738e29cec3ea015e9af9bb51f1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3d29f6b8727a87aa8aefad7249b3815783bc4a63
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
26088d93995eb07a2c7b7c9c2a8321b8fefb8784
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
de8f257301bc2992953d00f1bf36618b6ad52778
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b69c31b385457009451003b68862bc13c392a015
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
75006ee16dd4759d9654b6e795cb8afb38e00dbe
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0b88287e7f5638dd9b9760dda1693627340d79f5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5cf25afcf0e69e8722497ba56d7a92a73a1f2406
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f006810cd45d8d0080106a85fd52a4ba9dcafe40
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0d9bf23d7f20049cace5dcc59d5e8f3d021d06e1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
53d3a38e8667fbb2bec7c0c1fa68e7e16cfae910
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
66af19e8afa92385f6cf0da8a68d7d663b77d6bd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b39379cdb74b0dd5b2e98e4e8ae36de40ad78b4a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d0bfb8c23a212b901b378ad2b578339366f50898
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0aa08b75c463a23f9c2774773447a7ed5bcce2ab
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1c7b5e542ac3977325d44f038c91ab636655d28d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8c7d94981dd1d6634ba5379a9fd92ef7c16dc9c2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
101f1bbb0e4a3b7c4d057af98bc35bf31f21683c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
27b23f5ab93b02faf66bb93579b79d52bcc4847f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
515fc38cd5b70c54d334e200a39212e87b3e1d35
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0f8697bfca6d733f39cd0afed9a08d36861ea354
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0fc7173e8ed5ba201053f6938d661e887e1250b0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e5e958765d3982cda306a8e2b433c91149314fef
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
32fc25f8928a8974c54d379991b0b0355ab4d6b4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d667afe8456c69534f2de0d84a0a95df872e8e7d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4198ca38d7b8eb6695a61023a9fccf97fb59be86
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fb319164de15280fb59bc25448d7f00d86703d15
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7dfa31c63db3b246f814ab7179db4c5530992ff7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a708b35c234972e33667a6342e24366bd1f17ac2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
00c3f6616302cb265d2973f81981820c75fe6d3b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4252c1083d5e16c375cd450abdf6fd24ac952048
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2ac0de813d538a9a32d6fb25929ced59645677ee
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c8e59973034c6746e3e561e6cd1108b89fbf61b3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
23adcf2c39ce1673299d9561545045cf33d732ef
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0d90af6690a03d0ad1ff0ee84e7d0ec95df946db
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1e0807880520ee43b0480afbe4370b57b4dc7ff8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2f45728b39a1d08fd86b8a3dc2e698f25f20ded6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
496d96fc45746de6d8aab4fd2792984070342a46
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
71fd931d504cba611b54fc974a9d38462c9b9a92
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8f2570cedb23cdd1feb88a8733d03f54628f2bf5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
30c3649f9c20e4b043e36acc160d3b04d894bab0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7ed9a97025cbe88bba7bbaaf01c719bc3ac9a37d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d027cceb6fa5251b8a90708bfafbddd5eae96e61
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e49712a269299d9e9a17902bede4e81c3d6e8059
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7453a85fe47bc83208c3bc210f8f95da6572d2fa
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e2ef7b273e17950fc6fb7801140917eb239d0773
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fd9bdc68ee0edd7e14be771259aad2d136022e47
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0cdcfe2ef4cf720377ffbdf69fc36397f6f58062
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
752d8a1075a2db2853442e8fc6dd01f542dd9c3f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b1ef8ec5c51ee3b61af3a4868724a4c802f36e08
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cad31e2c43b14b95907db9cc72ee83d23f32c4ac
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.7.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.7.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.7.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.7.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.7.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.7.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.7.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.7.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.8.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.8.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.8.0-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.8.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.8.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.8.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.8.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.0-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.0-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.11.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.11.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.11.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.11.0-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.11.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.11.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.11.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.11.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.0-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.13.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.13.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.13.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.13.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.13.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.13.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.13.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.14.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.14.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.14.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.14.0-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.14.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.14.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.14.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.15.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.15.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.15.0-rc2"
        }
    ]
}

Affected versions

0.*
0.1
0.1-1
0.1-2
0.1-3
0.1-4
0.1-5
0.1-6
0.2
0.2rc1
0.2rc2
0.3
0.3.1
0.4
0.4rc2
0.4rc3
0.4rc4
0.4rc5
1.*
1.0
1.0RC1
1.0RC2
1.0RC3
1.0RC4
1.0RC5
1.1
1.10.0
1.10.0-RC1
1.10.0-RC2
1.10.0-RC3
1.11.0
1.11.0-RC1
1.11.0-RC2
1.11.0-RC3
1.12.0
1.12.0-RC1
1.12.0-RC2
1.12.0-RC3
1.13.0
1.13.0-RC1
1.13.0-RC2
1.14.0
1.14.0-RC1
1.14.0-RC2
1.14.0-RC3
1.15.0
1.15.0-RC1
1.15.0-RC2
1.1RC1
1.1RC2
1.1RC3
1.1RC4
1.1RC5
1.5.0
1.5.0-RC1
1.5.0-RC2
1.5.1
1.5.2
1.5.3
1.6.0
1.6.0-RC1
1.6.0-RC2
1.7.0
1.7.0-RC1
1.7.0-RC2
1.8.0
1.8.0-RC1
1.8.0-RC2
1.8.0-RC3
1.9.0
1.9.0-RC1
1.9.0-RC2
1.9.0-RC3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7505.json"