CVE-2016-4995

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-4995

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4995.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-4995

Downstream

RHSA-2018:0336

Published

2016-08-19T21:59:10.430Z

Modified

2026-03-17T22:28:53.797942Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.

References

Affected packages

Git / github.com/theforeman/smart-proxy

Affected ranges

Type

GIT

Repo

https://github.com/theforeman/smart-proxy

Events

Introduced

27b23f5ab93b02faf66bb93579b79d52bcc4847f

Fixed

4198ca38d7b8eb6695a61023a9fccf97fb59be86

Introduced

fb319164de15280fb59bc25448d7f00d86703d15

Fixed

4252c1083d5e16c375cd450abdf6fd24ac952048

Database specific

{
    "versions": [
        {
            "introduced": "1.11.0"
        },
        {
            "fixed": "1.11.4"
        },
        {
            "introduced": "1.12.0"
        },
        {
            "fixed": "1.12.1"
        }
    ]
}

Affected versions

1.*

1.11.0

1.11.1

1.11.2

1.11.3

1.12.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4995.json"