Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-7078

Опубликовано: 18 окт. 2016
Источник: redhat
CVSS3: 4.3
CVSS2: 3.5
EPSS Низкий

Описание

foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned no organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenStack ForemanforemanWill not fix
Red Hat Ceph Storage 1.3foremanWill not fix
Red Hat Enterprise Linux OpenStack Platform 6 (Juno) InstallerforemanWill not fix
Red Hat Satellite 6.3 for RHEL 7candlepinFixedRHSA-2018:033621.02.2018
Red Hat Satellite 6.3 for RHEL 7foremanFixedRHSA-2018:033621.02.2018
Red Hat Satellite 6.3 for RHEL 7foreman-bootloaders-redhatFixedRHSA-2018:033621.02.2018
Red Hat Satellite 6.3 for RHEL 7foreman-discovery-imageFixedRHSA-2018:033621.02.2018
Red Hat Satellite 6.3 for RHEL 7foreman-installerFixedRHSA-2018:033621.02.2018
Red Hat Satellite 6.3 for RHEL 7foreman-proxyFixedRHSA-2018:033621.02.2018
Red Hat Satellite 6.3 for RHEL 7foreman-selinuxFixedRHSA-2018:033621.02.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-285
https://bugzilla.redhat.com/show_bug.cgi?id=1386244foreman: Information leak through organizations and locations feature

EPSS

Процентиль: 54%
0.00316
Низкий

4.3 Medium

CVSS3

3.5 Low

CVSS2

Связанные уязвимости

nvd логотип

CVE-2016-7078

CVSS3: 4.3
nvd
больше 7 лет назад

foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion.

debian логотип

CVE-2016-7078

CVSS3: 4.3
debian
больше 7 лет назад

foreman before version 1.15.0 is vulnerable to an information leak thr ...

github логотип

GHSA-c2qx-mg67-hwxr

CVSS3: 4.3
github
больше 3 лет назад

foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion.

EPSS

Процентиль: 54%
0.00316
Низкий

4.3 Medium

CVSS3

3.5 Low

CVSS2