Published: 14/08/2015 Updated: 13/08/2018
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Foreman prior to 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API.

Vendor Advisories

A flaw was found in the way foreman authorized user actions on resources via the API when an organization was not explicitly set A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access ...