Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-4995

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.

Published

2016-08-19T21:59:10.430

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	theforeman	foreman	< 1.11.4	Yes
Application	theforeman	foreman	< 1.12.1	Yes

References

http://projects.theforeman.org/issues/15490 Patch, Vendor Advisory ([email protected])
http://projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073 Patch, Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:0336 Third Party Advisory ([email protected])
https://theforeman.org/security.html#2016-4995 Vendor Advisory ([email protected])
http://projects.theforeman.org/issues/15490 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0336 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://theforeman.org/security.html#2016-4995 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)