CVE-2016-7078
published 2018-09-10

Priority: P4, 20, medium
CVSS 3.0: 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
EPSS: 1.36% (68.3rd percentile)
foreman before version 1.15.0 is vulnerable to an information leak through the organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion.

Affected (2 ranges)

Vendor        Product    Version range    Fixed in
foreman       foreman
theforeman    foreman

CVSS provenance

Source          Version    Score    Severity    Vector
nvd             v3.0       4.3      MEDIUM      CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd             v2.0       4.0      MEDIUM      AV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_redhat              4.3      MEDIUM

CVE-2016-7078 — Improper Authorization in Foreman | cvebase