CVE-2016-4995

Опубликовано: 19 авг. 2016

Источник: nvd

CVSS3: 5.3

CVSS2: 3.5

EPSS Низкий

Описание

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.

Ссылки

http://projects.theforeman.org/issues/15490
Patch
Vendor Advisory
http://projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073
Patch
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0336
Third Party Advisory
https://theforeman.org/security.html#2016-4995
Vendor Advisory
http://projects.theforeman.org/issues/15490
Patch
Vendor Advisory
http://projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073
Patch
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0336
Third Party Advisory
https://theforeman.org/security.html#2016-4995
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*

Версия от 1.11.0 (включая) до 1.11.4 (исключая)

cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*

Версия от 1.12.0 (включая) до 1.12.1 (исключая)

EPSS

Процентиль: 53%

0.00298

Низкий

5.3 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2016-4995

CVSS3: 4.3

redhat

больше 9 лет назад

CVE-2016-4995

CVSS3: 5.3

debian

больше 9 лет назад

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restr ...

GHSA-mwjw-3593-mrg6

CVSS3: 5.3

github

больше 3 лет назад

EPSS

Процентиль: 53%

0.00298

Низкий

5.3 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-200