Vulnerabilities > CVE-2016-4451 - 7PK - Security Features vulnerability in Theforeman Foreman
Attack vector
NETWORK Attack complexity
HIGH Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW Summary
The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2018-0336.NASL |
description | An update is now available for Red Hat Satellite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. This update provides Satellite 6.3 packages for Red Hat Enterprise Linux 7 Satellite server. For the full list of new features provided by Satellite 6.3, see the Release Notes linked to in the references section. See the Satellite 6 Installation Guide for detailed instructions on how to install a new Satellite 6.3 environment, or the Satellite 6 Upgrading and Updating guide for detailed instructions on how to upgrade from prior versions of Satellite 6. All users who require Satellite version 6.3 are advised to install these new packages. Security Fix(es) : * V8: integer overflow leading to buffer overflow in Zone::New (CVE-2016-1669) * rubygem-will_paginate: XSS vulnerabilities (CVE-2013-6459) * foreman: models with a |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107053 |
published | 2018-02-28 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107053 |
title | RHEL 7 : Satellite Server (RHSA-2018:0336) |
Redhat
advisories |
| ||||
rpms |
|
References
- http://projects.theforeman.org/issues/15182
- http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c
- https://access.redhat.com/errata/RHSA-2018:0336
- https://theforeman.org/security.html#2016-4451
- http://projects.theforeman.org/issues/15182
- https://theforeman.org/security.html#2016-4451
- https://access.redhat.com/errata/RHSA-2018:0336
- http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c