CVE-2016-7077

Опубликовано: 10 сент. 2018

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.

Ссылки

http://www.securityfocus.com/bid/94230
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077
Issue Tracking
Third Party Advisory
https://projects.theforeman.org/issues/16971
Exploit
Vendor Advisory
https://theforeman.org/security.html#2016-7077
Vendor Advisory
http://www.securityfocus.com/bid/94230
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077
Issue Tracking
Third Party Advisory
https://projects.theforeman.org/issues/16971
Exploit
Vendor Advisory
https://theforeman.org/security.html#2016-7077
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*

Версия до 1.14.0 (исключая)

EPSS

Процентиль: 48%

0.00251

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-285

CWE-200

Связанные уязвимости

CVE-2016-7077

CVSS3: 4.3

redhat

больше 9 лет назад

CVE-2016-7077

CVSS3: 4.3

debian

больше 7 лет назад

foreman before 1.14.0 is vulnerable to an information leak. It was fou ...

GHSA-qw4f-j9p2-3626

CVSS3: 4.3

github

больше 3 лет назад

EPSS

Процентиль: 48%

0.00251

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-285

CWE-200