CVE-2016-5390

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-5390

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5390.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-5390

Published

2016-08-19T21:59:11.387Z

Modified

2026-03-14T09:20:00.060737Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces.

References

Affected packages

Git / github.com/theforeman/smart-proxy

Affected ranges

Type

GIT

Repo

https://github.com/theforeman/smart-proxy

Events

Introduced

27b23f5ab93b02faf66bb93579b79d52bcc4847f

Fixed

4198ca38d7b8eb6695a61023a9fccf97fb59be86

Introduced

fb319164de15280fb59bc25448d7f00d86703d15

Fixed

4252c1083d5e16c375cd450abdf6fd24ac952048

Database specific

{
    "versions": [
        {
            "introduced": "1.11.0"
        },
        {
            "fixed": "1.11.4"
        },
        {
            "introduced": "1.12.0"
        },
        {
            "fixed": "1.12.1"
        }
    ]
}

Affected versions

1.*

1.11.0

1.11.1

1.11.2

1.11.3

1.12.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5390.json"