PT-2018-4983 · Foreman · Foreman
Jitendra Yejare
·
Publicado
2018-09-10
·
Atualizado
2019-10-09
·
CVE-2016-7077
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Foreman versions prior to 1.14.0
Description
The issue is related to an information leak in Foreman. It was discovered that the Foreman form helper does not properly authorize options for associated objects. As a result, an unauthorized user can view the names of such objects if their count is less than 6.
Recommendations
For versions prior to 1.14.0, update to version 1.14.0 or later to resolve the issue.
Exploit
Correção
Improper Authorization
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Foreman