CVE-2016-7077

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-7077

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7077.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-7077

Downstream

RHSA-2018:0336

Published

2018-09-10T15:29:01.107Z

Modified

2025-12-06T13:54:42.762566Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.

References

Affected packages

Git

github.com/theforeman/smart-proxy

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/smart-proxy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7ed9a97025cbe88bba7bbaaf01c719bc3ac9a37d

Affected versions

0.*

0.1

0.2

0.2rc2

0.3

0.3.1

1.*

1.0

1.0RC1

1.0RC2

1.1

1.14.0-RC1

1.14.0-RC2

1.14.0-RC3

1.1RC1

1.1RC2

1.1RC3

github.com/theforeman/foreman

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/foreman
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d09ddb013d43aa016517aff75a4b154c101e31cc

Affected versions

0.*

0.1

0.1-1

0.1-2

0.1-3

0.1-4

0.1-5

0.1-6

0.2

0.2rc1

0.3

0.4

0.4rc2

0.4rc3

0.4rc4

0.4rc5

1.*

1.0

1.0RC1

1.0RC2

1.0RC3

1.0RC4

1.0RC5

1.1

1.14.0-RC1

1.14.0-RC2

1.14.0-RC3

1.1RC1

1.1RC2

1.1RC3

1.1RC4

1.1RC5

github.com/theforeman/foreman-installer

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/foreman-installer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

774f088100e4aa0ff91dd2ef7d70a595126de030

Affected versions

1.*

1.0.1

1.14.0-RC1

1.14.0-RC2

1.14.0-RC3