Vulnerability & Exploit Database

Back to search

Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment

This module exploits a mass assignment vulnerability in the 'create' action of 'users' controller of Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier) by creating an arbitrary administrator account. For this exploit to work, your account must have 'create_users' permission (e.g., Manager role).

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

auxiliary/admin/http/foreman_openstack_satellite_priv_esc

Authors

  • Ramon de C Valle <rcvalle [at] metasploit.com>

References

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/admin/http/foreman_openstack_satellite_priv_esc msf auxiliary(foreman_openstack_satellite_priv_esc) > show actions ...actions... msf auxiliary(foreman_openstack_satellite_priv_esc) > set ACTION <action-name> msf auxiliary(foreman_openstack_satellite_priv_esc) > show options ...show and set options... msf auxiliary(foreman_openstack_satellite_priv_esc) > run