← back
CVE-2016-7077

CVE-2016-7077

CVSS 4.3 MEDIUMEPSS 1.4%CWE-285
foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
Foreman · foreman

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077https://projects.theforeman.org/issues/16971https://theforeman.org/security.html#2016-7077http://www.securityfocus.com/bid/94230