Description
Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.
It was found that access to private bookmarks of users is not properly restricted in Foreman. This could allow an attacker to view the search terms used in these bookmarks which should be private.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenStack Foreman | foreman | Under investigation | | |
| Red Hat Ceph Storage 1.3 | foreman | Under investigation | | |
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | foreman | Under investigation | | |
| Red Hat Satellite 6.2 for RHEL 6 | createrepo_c | Fixed | RHBA-2016:1500 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | facter | Fixed | RHBA-2016:1500 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | gperftools | Fixed | RHBA-2016:1500 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | hiera | Fixed | RHBA-2016:1500 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | ipxe | Fixed | RHBA-2016:1500 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | liquibase | Fixed | RHBA-2016:1500 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | livecd-tools | Fixed | RHBA-2016:1500 | 27.07.2016 |
Additional information
Status:
EPSS
5.5 Medium
CVSS2