CVE-2016-4995

medium

Description

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.

References

https://theforeman.org/security.html#2016-4995

https://access.redhat.com/errata/RHSA-2018:0336

http://projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073

http://projects.theforeman.org/issues/15490

Details

Source: Mitre, NVD

Published: 2016-08-19

Updated: 2023-02-12

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium