CVE-2016-7078

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-7078
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7078.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-7078
Related
Published
2018-09-10T15:29:04Z
Modified
2024-09-03T01:25:30.277614Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned no organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion.

References

Affected packages

Git / github.com/theforeman/foreman

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/theforeman/foreman-installer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Type
GIT
Repo
https://github.com/theforeman/smart-proxy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

0.*

0.1
0.1-1
0.1-2
0.1-3
0.1-4
0.1-5
0.1-6
0.2
0.2rc1
0.2rc2
0.3
0.3.1
0.4
0.4rc2
0.4rc3
0.4rc4
0.4rc5

1.*

1.0
1.0.1
1.0RC1
1.0RC2
1.0RC3
1.0RC4
1.0RC5
1.1
1.15.0
1.15.0-RC1
1.15.0-RC2
1.1RC1
1.1RC2
1.1RC3
1.1RC4
1.1RC5