Foreman prior to 1.10.3 and 1.11.0 prior to 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
theforeman foreman |
||
theforeman foreman 1.11.0 |