CVE-2016-5390

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-5390

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5390.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-5390

Published

2016-08-19T21:59:11Z

Modified

2025-04-12T13:31:41.247108Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces.

References

Affected packages

Git / github.com/theforeman/foreman

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/foreman
Events: Introduced

8731c1f6e50b5abd8f88db58f714c02dd584c419

Fixed

fa181918d33bcfb3e8b45da35179982012be660a

Type: GIT
Repo: https://github.com/theforeman/foreman-installer
Events: Introduced

5828e336f8ed7890e5dc9458fa580bd35efa9d69

Fixed

3272502d2ad1e91ad2f1175ac681c015e9392fff

Type: GIT
Repo: https://github.com/theforeman/smart-proxy
Events: Introduced

27b23f5ab93b02faf66bb93579b79d52bcc4847f

Fixed

4198ca38d7b8eb6695a61023a9fccf97fb59be86

Affected versions

1.*

1.11.0

1.11.1

1.11.2

1.11.3