A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries.
Metrics
Affected Vendors & Products
References
History
Thu, 02 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | | cpe:/a:redhat:satellite:6.17::el9, cpe:/a:redhat:satellite:6.19::el9, cpe:/a:redhat:satellite_capsule:6.17::el9, cpe:/a:redhat:satellite_capsule:6.19::el9, cpe:/a:redhat:satellite_maintenance:6.17::el9, cpe:/a:redhat:satellite_maintenance:6.19::el9, cpe:/a:redhat:satellite_utils:6.17::el9, cpe:/a:redhat:satellite_utils:6.19::el9 |
| References | | |
Wed, 01 Jul 2026 20:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Redhat satellite Capsule, Redhat satellite Maintenance, Redhat satellite Utils |
| CPEs | | cpe:/a:redhat:satellite:6.16::el8, cpe:/a:redhat:satellite:6.16::el9, cpe:/a:redhat:satellite:6.18::el9, cpe:/a:redhat:satellite_capsule:6.16::el8, cpe:/a:redhat:satellite_capsule:6.16::el9, cpe:/a:redhat:satellite_capsule:6.18::el9, cpe:/a:redhat:satellite_maintenance:6.16::el8, cpe:/a:redhat:satellite_maintenance:6.16::el9, cpe:/a:redhat:satellite_utils:6.16::el8, cpe:/a:redhat:satellite_utils:6.16::el9, cpe:/a:redhat:satellite_utils:6.18::el9 |
| Vendors & Products | | Redhat satellite Capsule, Redhat satellite Maintenance, Redhat satellite Utils |
| References | | |
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc |
Wed, 01 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries. |
| Title | | Foreman: foreman: unauthorized modification of host configurations via broken access control |
| First Time appeared | | Redhat, Redhat satellite |
| Weaknesses | | CWE-639 |
| CPEs | | cpe:/a:redhat:satellite:6 |
| Vendors & Products | | Redhat, Redhat satellite |
| References | | |
| Metrics | | cvssV3_1 |
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-01T23:53:14.087Z
Reserved: 2026-03-30T10:42:55.307Z
Link: CVE-2026-5135
Updated: 2026-07-01T14:52:31.307Z
OpenCVE Enrichment
Updated: 2026-07-02T10:30:15Z