A flaw was found in the way foreman authorized user actions on resources via the API when an organization was not explicitly set A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access ...