PT-2016-5961 · Foreman · Foreman

Marek Hulán · Published 2016-08-19 · Updated 2023-02-12 · CVE-2016-4451

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Foreman versions prior to 1.11.3
Foreman versions 1.12.x prior to 1.12.0-RC1

Description

The issue allows remote authenticated users with unlimited filters to bypass organization and location restrictions. This can be achieved by leveraging knowledge of the id of an arbitrary organization, enabling the user to read or modify data for that organization.

Recommendations

For versions prior to 1.11.3, update to version 1.11.3 or later.
For versions 1.12.x prior to 1.12.0-RC1, update to version 1.12.0-RC1 or later.

Fix

Weakness Enumeration

Related identifiers

CVE-2016-4451
RHSA-2018:0336

Affected products

Foreman