Vulnerabilities > CVE-2016-4475 - 7PK - Security Features vulnerability in Theforeman Foreman

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

theforeman

CWE-254

NVD

Published: 2016-08-19

Updated: 2023-02-12

Summary

The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Theforeman Theforeman Foreman 1.12.0 Theforeman Foreman - Theforeman Foreman 0.1 Theforeman Foreman 0.2 Theforeman Foreman 0.3 Theforeman Foreman 0.4 Theforeman Foreman 0.4.1 Theforeman Foreman 0.4.2 Theforeman Foreman 1.0 Theforeman Foreman 1.0.1 Theforeman Foreman 1.1 Theforeman Foreman 1.2.0 Theforeman Foreman 1.2.1 Theforeman Foreman 1.2.2 Theforeman Foreman 1.2.3 Theforeman Foreman 1.3.0 Theforeman Foreman 1.3.1 Theforeman Foreman 1.3.2 Theforeman Foreman 1.4.0 Theforeman Foreman 1.4.1 Theforeman Foreman 1.4.2 Theforeman Foreman 1.4.3 Theforeman Foreman 1.4.4 Theforeman Foreman 1.4.5 Theforeman Foreman 1.5.0 Theforeman Foreman 1.5.1 Theforeman Foreman 1.5.2 Theforeman Foreman 1.5.3 Theforeman Foreman 1.6.0 Theforeman Foreman 1.6.1 Theforeman Foreman 1.6.3 Theforeman Foreman 1.7.0 Theforeman Foreman 1.7.1 Theforeman Foreman 1.7.2 Theforeman Foreman 1.7.3 Theforeman Foreman 1.7.4 Theforeman Foreman 1.7.5 Theforeman Foreman 1.8.0 Theforeman Foreman 1.8.1 Theforeman Foreman 1.8.2 Theforeman Foreman 1.8.3 Theforeman Foreman 1.8.4 Theforeman Foreman 1.9.0 Theforeman Foreman 1.9.1 Theforeman Foreman 1.9.2 Theforeman Foreman 1.9.3 Theforeman Foreman 1.10.0 Theforeman Foreman 1.10.1 Theforeman Foreman 1.10.2 Theforeman Foreman 1.10.3 Theforeman Foreman 1.10.4 Theforeman Foreman 1.11.0 Theforeman Foreman 1.11.1 Theforeman Foreman 1.11.2 Theforeman Foreman 1.11.3	111

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Redhat

advisories

rhsa

id	RHBA-2016:1615

rpms

foreman-0:1.11.0.51-1.el6sat
foreman-0:1.11.0.51-1.el7sat
foreman-compute-0:1.11.0.51-1.el6sat
foreman-compute-0:1.11.0.51-1.el7sat
foreman-debug-0:1.11.0.51-1.el6sat
foreman-debug-0:1.11.0.51-1.el7sat
foreman-ec2-0:1.11.0.51-1.el6sat
foreman-ec2-0:1.11.0.51-1.el7sat
foreman-gce-0:1.11.0.51-1.el6sat
foreman-gce-0:1.11.0.51-1.el7sat
foreman-installer-1:1.11.0.10-1.el6sat
foreman-installer-1:1.11.0.10-1.el7sat
foreman-libvirt-0:1.11.0.51-1.el6sat
foreman-libvirt-0:1.11.0.51-1.el7sat
foreman-openstack-0:1.11.0.51-1.el6sat
foreman-openstack-0:1.11.0.51-1.el7sat
foreman-ovirt-0:1.11.0.51-1.el6sat
foreman-ovirt-0:1.11.0.51-1.el7sat
foreman-postgresql-0:1.11.0.51-1.el6sat
foreman-postgresql-0:1.11.0.51-1.el7sat
foreman-proxy-0:1.11.0.5-1.el6sat
foreman-proxy-0:1.11.0.5-1.el7sat
foreman-rackspace-0:1.11.0.51-1.el6sat
foreman-rackspace-0:1.11.0.51-1.el7sat
foreman-vmware-0:1.11.0.51-1.el6sat
foreman-vmware-0:1.11.0.51-1.el7sat
pulp-admin-client-0:2.8.3.4-1.el6sat
pulp-admin-client-0:2.8.3.4-1.el7sat
pulp-nodes-child-0:2.8.3.4-1.el6sat
pulp-nodes-child-0:2.8.3.4-1.el7sat
pulp-nodes-common-0:2.8.3.4-1.el6sat
pulp-nodes-common-0:2.8.3.4-1.el7sat
pulp-nodes-parent-0:2.8.3.4-1.el6sat
pulp-nodes-parent-0:2.8.3.4-1.el7sat
pulp-selinux-0:2.8.3.4-1.el6sat
pulp-selinux-0:2.8.3.4-1.el7sat
pulp-server-0:2.8.3.4-1.el6sat
pulp-server-0:2.8.3.4-1.el7sat
python-pulp-agent-lib-0:2.8.3.4-1.el6sat
python-pulp-agent-lib-0:2.8.3.4-1.el7sat
python-pulp-bindings-0:2.8.3.4-1.el6sat
python-pulp-bindings-0:2.8.3.4-1.el7sat
python-pulp-client-lib-0:2.8.3.4-1.el6sat
python-pulp-client-lib-0:2.8.3.4-1.el7sat
python-pulp-common-0:2.8.3.4-1.el6sat
python-pulp-common-0:2.8.3.4-1.el7sat
python-pulp-oid_validation-0:2.8.3.4-1.el6sat
python-pulp-oid_validation-0:2.8.3.4-1.el7sat
python-pulp-repoauth-0:2.8.3.4-1.el6sat
python-pulp-repoauth-0:2.8.3.4-1.el7sat
python-pulp-streamer-0:2.8.3.4-1.el6sat
python-pulp-streamer-0:2.8.3.4-1.el7sat
satellite-0:6.2.1-1.2.el6sat
satellite-0:6.2.1-1.2.el7sat
satellite-capsule-0:6.2.1-1.2.el6sat
satellite-capsule-0:6.2.1-1.2.el7sat
satellite-cli-0:6.2.1-1.2.el6sat
satellite-cli-0:6.2.1-1.2.el7sat
satellite-debug-tools-0:6.2.1-1.2.el6sat
satellite-debug-tools-0:6.2.1-1.2.el7sat
tfm-rubygem-foreman_discovery-0:5.0.0.9-1.el6sat
tfm-rubygem-foreman_discovery-0:5.0.0.9-1.el7sat
tfm-rubygem-hammer_cli_foreman_admin-0:0.0.5-1.el6sat
tfm-rubygem-hammer_cli_foreman_admin-0:0.0.5-1.el7sat
tfm-rubygem-hammer_cli_katello-0:0.0.22.25-1.el6sat
tfm-rubygem-hammer_cli_katello-0:0.0.22.25-1.el7sat
tfm-rubygem-katello-0:3.0.0.70-1.el6sat
tfm-rubygem-katello-0:3.0.0.70-1.el7sat
tfm-rubygem-katello_ostree-0:3.0.0.70-1.el7sat
tfm-rubygem-ovirt_provision_plugin-0:1.0.2-1.el6sat
tfm-rubygem-ovirt_provision_plugin-0:1.0.2-1.el7sat

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Redhat

References