Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.
References
Link | Resource |
---|---|
http://projects.theforeman.org/issues/15490 | Patch Vendor Advisory |
http://projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073 | Patch Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0336 | Third Party Advisory |
https://theforeman.org/security.html#2016-4995 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2016-08-19T21:00:00
Updated: 2018-02-22T10:57:01
Reserved: 2016-05-24T00:00:00
Link: CVE-2016-4995
JSON object: View
NVD Information
Status : Modified
Published: 2016-08-19T21:59:10.430
Modified: 2023-02-12T23:22:38.927
Link: CVE-2016-4995
JSON object: View
Redhat Information
No data.
CWE