PT-2016-5961 · Foreman · Foreman
Marek Hulán
·
Published
2016-08-19
·
Updated
2023-02-12
·
CVE-2016-4451
CVSS v2.0
6.0
Medium
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Foreman versions prior to 1.11.3
Foreman versions 1.12.x prior to 1.12.0-RC1
Description
The issue allows remote authenticated users with unlimited filters to bypass organization and location restrictions. This can be achieved by leveraging knowledge of the id of an arbitrary organization, enabling the user to read or modify data for that organization.
Recommendations
For versions prior to 1.11.3, update to version 1.11.3 or later.
For versions 1.12.x prior to 1.12.0-RC1, update to version 1.12.0-RC1 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Foreman