CVE-2016-7077

CWE-285 CWE-200 — Information Exposure5 documents5 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 51.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Theforeman Foreman Foreman Foreman

Timeline

PublishedSep 10

Latest updateMay 13

Description

foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDtheforeman/foreman< 1.14.0

▶CVEListV5foreman/foremanforeman 1.14.0

🔴Vulnerability Details

GHSA

GHSA-qw4f-j9p2-3626: foreman before 1↗2022-05-13

▶

CVEList

CVE-2016-7077: foreman before 1↗2018-09-10

▶

📋Vendor Advisories

Red Hat

foreman: Foreman information leak through unauthorized multiple_checkboxes helper↗2016-10-17

▶

💬Community

Bugzilla

CVE-2016-7077 foreman: Foreman information leak through unauthorized multiple_checkboxes helper↗2016-10-17

▶