CVE-2016-7078
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-7078
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7078.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-7078
- Related
- Published
- 2018-09-10T15:29:04Z
- Modified
- 2024-09-03T01:25:30.277614Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned no organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion.
- References
-
- http://www.securityfocus.com/bid/96385
- https://projects.theforeman.org/issues/16982
- https://theforeman.org/security.html#2016-7078
- https://seclists.org/oss-sec/2017/q1/470
- https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078
Affected packages
Git / github.com/theforeman/foreman
Affected ranges
- Type
- GIT
- Repo
- https://github.com/theforeman/foreman
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/theforeman/foreman-installer
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Type
- GIT
- Repo
- https://github.com/theforeman/smart-proxy
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected