CVE-2016-7078

Name of the Vulnerable Software and Affected Versions Foreman versions prior to 1.15.0

Description The issue allows an information leak through the organizations and locations feature. When a user is not assigned to any organizations or locations, they can view all resources, similar to an administrator's view, although their actions are still restricted by their assigned permissions, controlling viewing, editing, and deletion.

Recommendations For versions prior to 1.15.0, update to version 1.15.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources or implementing additional permission checks to minimize the risk of unauthorized information disclosure.