CVE-2015-5233

Name: CVE-2015-5233
Creator: NVD / NIST
Published: 2016-04-11T21:59:01.913+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.16%

Last modified Jun 17, 2026

CVE-2015-5233 is a vulnerability of currently unknown severity. Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs.. EPSS estimates a 1.16% chance of exploitation in the next 30 days.

Description

Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs.

Metrics

EPSS Probability

1.16%

63.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Theforeman	Foreman	<= 1.8.3
Theforeman	Foreman	1.9.0
Redhat	Satellite	6.1

References

http://projects.theforeman.org/issues/11579Patch, Vendor Advisory
http://theforeman.org/security.html#CVE-2015-5233:reportsshow/destroynotrestrictedbyhostauthorizationVendor Advisory
https://access.redhat.com/errata/RHSA-2015:2622
http://projects.theforeman.org/issues/11579Patch, Vendor Advisory
http://theforeman.org/security.html#CVE-2015-5233:reportsshow/destroynotrestrictedbyhostauthorizationVendor Advisory
https://access.redhat.com/errata/RHSA-2015:2622

Timeline

Published: Apr 11, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-5233?

How severe is CVE-2015-5233?

Severity scoring for CVE-2015-5233 is pending analysis. The EPSS model estimates a 1.16% probability of exploitation in the next 30 days.

How do I fix CVE-2015-5233?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-5233?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST