CVE-2016-4451

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-4451
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4451.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-4451
Related
Published
2016-08-19T21:59:08Z
Modified
2024-10-12T01:58:36.063836Z
Severity
  • 5.0 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.

References

Affected packages

Git / github.com/theforeman/foreman

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Type
GIT
Repo
https://github.com/theforeman/foreman-installer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Type
GIT
Repo
https://github.com/theforeman/smart-proxy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected

Affected versions

0.*

0.1
0.1-1
0.1-2
0.1-3
0.1-4
0.1-5
0.1-6
0.2
0.2rc1
0.2rc2
0.3
0.3.1
0.4
0.4rc2
0.4rc3
0.4rc4
0.4rc5

1.*

1.0
1.0.1
1.0RC1
1.0RC2
1.0RC3
1.0RC4
1.0RC5
1.1
1.11.0
1.11.0-RC1
1.11.0-RC2
1.11.0-RC3
1.11.1
1.11.2
1.12.0
1.12.0-RC1
1.12.0-RC2
1.12.0-RC3
1.1RC1
1.1RC2
1.1RC3
1.1RC4
1.1RC5