Связанные уязвимости
[REJECTED CVE] It was found that the Foreman Discovery plug-in's auto provision rules did not correctly enforce group association to an organization or a location. Steps to reproduce: 1. log in with a user that has 2 locations (A, B) 2. discover a host and make sure it is connected to location B 3. create a hostgroup in location A 4. create a discovery rule in location B to match the discovered host and use the hostgroup from 3 5. log in with a user with permissions to location B only 6. you can see in the discovery rules index page the rule with the hostgroup you created (you can't access the hostgroup) 7. auto provision the discovered host 8. go to hosts - the host was provisioned using a hostgroup the second user doesn't have permissions for