CVE-2016-4995

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-4995
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4995.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-4995
Related
Published
2016-08-19T21:59:10Z
Modified
2024-10-12T01:59:47.036868Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.

References

Affected packages

Git / github.com/theforeman/foreman

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman
Events
Introduced
8731c1f6e50b5abd8f88db58f714c02dd584c419
Fixed
fa181918d33bcfb3e8b45da35179982012be660a
Type
GIT
Repo
https://github.com/theforeman/foreman-installer
Events
Introduced
5828e336f8ed7890e5dc9458fa580bd35efa9d69
Fixed
3272502d2ad1e91ad2f1175ac681c015e9392fff
Type
GIT
Repo
https://github.com/theforeman/smart-proxy
Events
Introduced
27b23f5ab93b02faf66bb93579b79d52bcc4847f
Fixed
4198ca38d7b8eb6695a61023a9fccf97fb59be86

Affected versions

1.*

1.11.0
1.11.1
1.11.2
1.11.3