8.8

CVE-2016-4475

The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TheforemanForeman Version <= 1.11.3
TheforemanForeman Version1.12.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.67% 0.838
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://projects.theforeman.org/issues/15268
Patch
Vendor Advisory
http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9
Patch
Vendor Advisory
http://www.securityfocus.com/bid/92125
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHBA-2016:1615
https://theforeman.org/security.html#2016-4475
Vendor Advisory