Red Hat Security Advisory 2015-1592-01 - It was discovered that, in Foreman, the edit_users permission (for example, granted to the Manager role) allowed the user to edit admin user passwords. An attacker with the edit_users permission could use this flaw to access an admin user account, leading to an escalation of privileges. It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie. Various other issues have been addressed.
cdf608cfa24fc22871609d6f9df93cee67aa4d00fbeb3d9416c2eab226a6977dRed Hat Security Advisory 2015-1591-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. It performs provisioning and configuration management of predefined standard operating environments. This update provides Satellite 6.1 packages for Red Hat Enterprise Linux 7. It was discovered that in Foreman the edit_users permissions allowed the user to edit admin user passwords. An attacker with the edit_users permissions could use this flaw to access an admin user account, leading to an escalation of privileges.
d641fc01d148890ec2b254ae48c610e9aeb533b6def3d3db37be60887824569f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed