CVE-2016-7078
Last modified
CVE-2016-7078 is a vulnerability of currently unknown severity. Foreman before version 1.15.0 is vulnerable to an information leak through the organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). EPSS estimates a 1.36% chance of exploitation in the next 30 days.
Description
Foreman before version 1.15.0 is vulnerable to an information leak through the organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Theforeman | Foreman | 1.15.0 |
References
- http://www.securityfocus.com/bid/96385 (Third Party Advisory, VDB Entry)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078 (Issue Tracking, Third Party Advisory)
- https://projects.theforeman.org/issues/16982 (Vendor Advisory)
- https://seclists.org/oss-sec/2017/q1/470 (Mailing List, Third Party Advisory)
- https://theforeman.org/security.html#2016-7078 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-7078?
How severe is CVE-2016-7078?
How do I fix CVE-2016-7078?
Are you affected by CVE-2016-7078?
Source: NVD / NIST
