CyberSec.Space Logo
返回 CVE 浏览器

CVE-2016-4475

HIGH
8.8
CVSS Severity Score
EPSS Score0.0860%
EPSS Percentile11.81th
Published2016年8月19日
Last Modified2026年5月6日

Vulnerability Description

The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.

Affected Platforms (CPE)

📦
Theforeman

Foreman

<= 1.11.3
📦
Theforeman

Foreman

= 1.12.0

References & Advisories

🔗 http://projects.theforeman.org/issues/15268
🔗 http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9
🔗 http://www.securityfocus.com/bid/92125
🔗 https://access.redhat.com/errata/RHBA-2016:1615
🔗 https://theforeman.org/security.html#2016-4475
🔗 http://projects.theforeman.org/issues/15268
🔗 http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9
🔗 http://www.securityfocus.com/bid/92125

相关漏洞威胁

CVE-2018-146439.8

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this fl...

CVE-2017-75409.8

rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Rub...

CVE-2017-75058.8

Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who...

CVE-2021-35908.8

A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSO...