PT-2016-5968 · Foreman · Foreman
Ivan Necas · Published 2016-08-19 · Updated 2023-02-12 · CVE-2016-4475
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Foreman versions prior to 1.11.4
Foreman versions 1.12.x prior to 1.12.0-RC3
Description
The issue allows remote authenticated users to bypass organization and location restrictions. This enables users to read, edit, or delete arbitrary organizations or locations. The exact vectors used for exploitation are not specified.
Recommendations
For Foreman versions prior to 1.11.4, update to version 1.11.4 or later.
For Foreman versions 1.12.x prior to 1.12.0-RC3, update to version 1.12.0-RC3 or later.
Fix
Weakness Enumeration
Related identifiers
Affected products
Foreman