CVE-2016-4995

Published: 22 Jun 2016
Source: redhat
CVSS3: 4.3
CVSS2: 3.5
EPSS: Low

Description

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.

A flaw was found in foreman's handling of template previews. An attacker with permissions to preview host templates can access the template preview for any host if they are able to guess the host name, disclosing potentially sensitive information.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenStack Foreman | foreman | Will not fix | | |
| Red Hat Ceph Storage 1.3 | foreman | Will not fix | | |
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | foreman | Will not fix | | |
| Red Hat Satellite 6.3 for RHEL 7 | candlepin | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-bootloaders-redhat | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-discovery-image | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-installer | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-proxy | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-selinux | Fixed | RHSA-2018:0336 | 21.02.2018 |

Additional information

Status: Low
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1348939 foreman: Information disclosure in provisioning template previews

EPSS

Percentile: 53%
0.00298
Low

CVSS3: 4.3 Medium
CVSS2: 3.5 Low

Related vulnerabilities

CVSS3: 5.3
nvd
more than 9 years ago

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.

CVSS3: 5.3
debian
more than 9 years ago

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restr ...

CVSS3: 5.3
github
more than 3 years ago

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.
