CVE-2016-4451
- Source
- https://cve.org/CVERecord?id=CVE-2016-4451
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4451.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-4451
- Downstream
- Published
- 2016-08-19T21:59:08.337Z
- Modified
- 2026-02-11T07:13:19.880602Z
- Severity
-
- 5.0 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.
- References
-
- http://projects.theforeman.org/issues/15182
- http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c
- https://access.redhat.com/errata/RHSA-2018:0336
- https://theforeman.org/security.html#2016-4451
- http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c
Affected packages
Git / github.com/theforeman/smart-proxy
Affected ranges
- Type
- GIT
- Repo
- https://github.com/theforeman/smart-proxy
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected