CVE-2016-4451

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-4451

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4451.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-4451

Downstream

RHSA-2018:0336

Published

2016-08-19T21:59:08Z

Modified

2025-11-12T15:01:13.559237Z

Severity

5.0 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.

References

Affected packages

Git

github.com/theforeman/foreman

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/foreman
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0d79cf5c46c45103378145bf4f61a0cc9fcc5072

Last affected

522fa90e2953631719364921d4985d06f912a42e

Affected versions

0.*

0.1

0.1-1

0.1-2

0.1-3

0.1-4

0.1-5

0.1-6

0.2

0.2rc1

0.3

0.4

0.4rc2

0.4rc3

0.4rc4

0.4rc5

1.*

1.0

1.0RC1

1.0RC2

1.0RC3

1.0RC4

1.0RC5

1.1

1.11.0

1.11.0-RC1

1.11.0-RC2

1.11.0-RC3

1.11.1

1.11.2

1.12.0

1.12.0-RC1

1.12.0-RC2

1.12.0-RC3

1.1RC1

1.1RC2

1.1RC3

1.1RC4

1.1RC5

github.com/theforeman/foreman-installer

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/foreman-installer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

ae2ac4e445bdd0541651a9b15e94648eb5fcd34a

Last affected

c9f8ee494f8a2991a33951c575604d8b8ed52d32

Affected versions

1.*

1.0.1

1.11.0

1.11.0-RC1

1.11.0-RC2

1.11.0-RC3

1.11.1

1.11.2

1.12.0

1.12.0-RC1

1.12.0-RC2

1.12.0-RC3

github.com/theforeman/smart-proxy

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/smart-proxy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

32fc25f8928a8974c54d379991b0b0355ab4d6b4

Last affected

fb319164de15280fb59bc25448d7f00d86703d15

Affected versions

0.*

0.1

0.2

0.2rc2

0.3

0.3.1

1.*

1.0

1.0RC1

1.0RC2

1.1

1.11.0

1.11.0-RC1

1.11.0-RC2

1.11.0-RC3

1.11.1

1.11.2

1.12.0

1.12.0-RC1

1.12.0-RC2

1.12.0-RC3

1.1RC1

1.1RC2

1.1RC3