CVE-2016-7077

medium

Description

Foreman before 1.14.0 is vulnerable to an information leak. It was found that the Foreman form helper does not authorize options for associated objects. An unauthorized user can see the names of such objects if their count is less than 6.

References

https://theforeman.org/security.html#2016-7077

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077

http://www.securityfocus.com/bid/94230

Details

Source: Mitre, NVD

Published: 2018-09-10

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Medium