6
CVE-2016-4451
- EPSS 0.93%
- Veröffentlicht 19.08.2016 21:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Theforeman ≫ Foreman Version <= 1.11.2
Theforeman ≫ Foreman Version1.12.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.93% | 0.56 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 1.6 | 3.4 |
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
https://access.redhat.com/errata/RHSA-2018:0336
http://projects.theforeman.org/issues/15182
http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c
https://theforeman.org/security.html#2016-4451