{"bugzilla": {"description": "foreman_discovery: auto provision rule does not enforce host group association to org/location", "id": "1220853", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1220853"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "status": "draft"}, "cwe": "CWE-285", "details": ["[REJECTED CVE] It was found that the Foreman Discovery plug-in's auto provision rules did not correctly enforce group association to an organization or a location.\nSteps to reproduce:\n1. log in with a user that has 2 locations (A, B)\n2. discover a host and make sure it is connected to location B\n3. create a hostgroup in location A\n4. create a discovery rule in location B to match the discovered host and use the hostgroup from 3\n5. log in with a user with permissions to location B only\n6. you can see in the discovery rules index page the rule with the hostgroup you created (you can't access the hostgroup)\n7. auto provision the discovered host\n8. go to hosts - the host was provisioned using a hostgroup the second user doesn't have permissions for"], "name": "CVE-2015-3199", "package_state": [{"cpe": "cpe:/a:redhat:openstack-installer:5", "fix_state": "Not affected", "package_name": "ruby193-rubygem-foreman_discovery", "product_name": "OpenStack Foreman"}, {"cpe": "cpe:/a:redhat:openstack-installer:6", "fix_state": "Not affected", "package_name": "ruby193-rubygem-foreman_discovery", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "ruby193-rubygem-foreman_discovery", "product_name": "Red Hat Satellite 6"}], "public_date": "2015-05-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3199\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3199"], "statement": "This CVE has been rejected upstream, because investigation showed that it was not a security issue in a product and does not affect any released upstream version.\nIf you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification."}