CVE-2016-7077

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-7077

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7077.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-7077

Related

RHSA-2018:0336

Published

2018-09-10T15:29:01Z

Modified

2024-10-12T02:11:02.001107Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.

References

Affected packages

Git / github.com/theforeman/foreman

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/foreman
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d09ddb013d43aa016517aff75a4b154c101e31cc

Type: GIT
Repo: https://github.com/theforeman/foreman-installer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

774f088100e4aa0ff91dd2ef7d70a595126de030

Type: GIT
Repo: https://github.com/theforeman/smart-proxy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7ed9a97025cbe88bba7bbaaf01c719bc3ac9a37d

Affected versions

0.*

0.1

0.1-1

0.1-2

0.1-3

0.1-4

0.1-5

0.1-6

0.2

0.2rc1

0.2rc2

0.3

0.3.1

0.4

0.4rc2

0.4rc3

0.4rc4

0.4rc5

1.*

1.0

1.0.1

1.0RC1

1.0RC2

1.0RC3

1.0RC4

1.0RC5

1.1

1.14.0-RC1

1.14.0-RC2

1.14.0-RC3

1.1RC1

1.1RC2

1.1RC3

1.1RC4

1.1RC5