CVE-2016-4995 - OpenCVE

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Theforeman	Foreman

Configuration 1 [-]

OR	cpe:2.3:a:theforeman:foreman::::::::
	cpe:2.3:a:theforeman:foreman::::::::

References

Link	Resource
http://projects.theforeman.org/issues/15490	Patch Vendor Advisory
http://projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073	Patch Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0336	Third Party Advisory
https://theforeman.org/security.html#2016-4995	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2016-08-19T21:00:00

Updated: 2018-02-22T10:57:01

Reserved: 2016-05-24T00:00:00

Link: CVE-2016-4995

JSON object: View

NVD Information

Status : Modified

Published: 2016-08-19T21:59:10.430

Modified: 2023-02-12T23:22:38.927

Link: CVE-2016-4995

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2E79D62-B04D-4328-8905-FC0501476A7C", "versionEndExcluding": "1.11.4", "versionStartIncluding": "1.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5B32915-2453-4928-8EDC-FA35B382BA47", "versionEndExcluding": "1.12.1", "versionStartIncluding": "1.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname."}, {"lang": "es", "value": "Foreman en versiones anteriores a 1.11.4 y 1.12.x en versiones anteriores a 1.12.1 no restringe correctamente el acceso para previsualizar las plantillas de provisionamiento, lo que permite a usuarios remotos autenticados con permisos para ver algunos anfitriones obtener informaci\u00f3n de configuraci\u00f3n de anfitri\u00f3n sensible a trav\u00e9s de una URL con un nombre de anfitri\u00f3n."}], "id": "CVE-2016-4995", "lastModified": "2023-02-12T23:22:38.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-08-19T21:59:10.430", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://projects.theforeman.org/issues/15490"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0336"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://theforeman.org/security.html#2016-4995"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}