CVE-2016-4995

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-4995
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4995.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-4995
Related
Published
2016-08-19T21:59:10Z
Modified
2024-09-03T01:19:28.194203Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.

References

Affected packages

Git / github.com/theforeman/foreman

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman
Events
Type
GIT
Repo
https://github.com/theforeman/foreman-installer
Events
Type
GIT
Repo
https://github.com/theforeman/smart-proxy
Events

Affected versions

1.*

1.11.0
1.11.1
1.11.2
1.11.3