PT-2016-5968 · Foreman · Foreman
Ivan Necas · Published 2016-08-19 · Updated 2023-02-12 · CVE-2016-4475
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Foreman versions prior to 1.11.4
Foreman versions 1.12.x prior to 1.12.0-RC3
Description
The issue allows remote authenticated users to bypass organization and location restrictions. This enables users to read, edit, or delete arbitrary organizations or locations. The exact vectors used for exploitation are not specified.
Recommendations
For Foreman versions prior to 1.11.4, update to version 1.11.4 or later.
For Foreman versions 1.12.x prior to 1.12.0-RC3, update to version 1.12.0-RC3 or later.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Foreman