Published: 19/08/2016 Updated: 12/02/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Foreman prior to 1.11.4 and 1.12.x prior to 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.

Vulnerable Product	Search on Vulmon	Subscribe to Product
theforeman foreman

Synopsis Important: Satellite 63 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat SatelliteRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ...

A flaw was found in foreman's handling of template previews An attacker with permissions to preview host templates can access the template preview for any host if they are able to guess the host name, disclosing potentially sensitive information ...

CWE-200 http://projects.theforeman.org/issues/15490 http://projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073 https://theforeman.org/security.html#2016-4995 https://access.redhat.com/errata/RHSA-2018:0336 https://access.redhat.com/errata/RHSA-2018:0336 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2016-4995

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-4995

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect