CVE-2016-7077
4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Foreman | foreman | foreman 1.14.0 | affected |
Weaknesses
- CWE-285: CWE-285
ADP Enrichment
CVE Program Container
Additional References
- https://theforeman.org/security.html#2016-7077
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077
- http://www.securityfocus.com/bid/94230
- https://projects.theforeman.org/issues/16971
References
- https://theforeman.org/security.html#2016-7077
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077
- http://www.securityfocus.com/bid/94230
- https://projects.theforeman.org/issues/16971
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.