Two separate security issues have been reported to the project, and
patches are now available for them. These affect all versions of
Foreman, but require a login to exploit.
We'd like to thank Ramon de C Valle for discovering and reporting the
vulnerabilities to us.
-
Remote code execution in Foreman via bookmark controller name
CVE identifier: CVE-2013-2121
CVSS v2 score: 6 (Important)
Issue tracker: Bug #2631: Remote code execution in Foreman via bookmark controller name
Patch for Foreman 1.1:
https://github.com/theforeman/foreman/commit/8920e796.patch
-
Users with create/edit user permissions can escalate to admin
CVE identifier: CVE-2013-2113
CVSS v2 score: 3.5 (Moderate)
Issue tracker: Bug #2630: Users with create/edit user permissions can escalate to admin
Patch for Foreman 1.1:
https://github.com/theforeman/foreman/commit/7eadf32c.patch
Fixes will be available in Foreman 1.2.0-RC2, which should be out today.
Foreman 1.1 users can apply the backported patches above to their
installation (I recommend that you back up /usr/share/foreman before
applying them).
Users running from source will find the fixes have been pushed to the
develop, 1.2-stable and 1.1-stable branches.