CVE-2016-4475 in Foreman

Summary

The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.


Responsible

Reservation: 05/02/2016

Disclosure: 08/19/2016

Entries: VDB-90884

CPE: ready

CVSS: 8.8

EPSS: 0.00175

Activities: Very Low

Sources
