CVE-2016-7077

Summary

foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.

Affected Software

VendorProductVersion RangeStatus
Foremanforemanforeman 1.14.0affected

Weaknesses

  • CWE-285: CWE-285

ADP Enrichment

CVE Program Container

Additional References

References