CVE-2015-5233

Name of the Vulnerable Software and Affected Versions Foreman versions 1.8.0 through 1.8.3 Foreman versions 1.9.0 through 1.9.0

Description The issue allows remote authenticated users with the view reports permission to read reports from arbitrary hosts or remote authenticated users with the destroy reports permission to delete reports from arbitrary hosts. This can be achieved via direct access to individual report show/delete pages or APIs.

Recommendations For Foreman versions 1.8.0 through 1.8.3, update to version 1.8.4 to resolve the issue. For Foreman versions 1.9.0 through 1.9.0, update to version 1.9.1 to resolve the issue.