The (1) Organization and (2) Locations APIs and UIs in Foreman prior to 1.11.4 and 1.12.x prior to 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
theforeman foreman 1.12.0 |
||
theforeman foreman |