Vulnerability Description
The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Theforeman | Foreman | <= 1.11.3 |
Related Weaknesses (CWE)
References
- http://projects.theforeman.org/issues/15268 (Patch, Vendor Advisory)
- http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/92125 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHBA-2016:1615
- https://theforeman.org/security.html#2016-4475 (Vendor Advisory)
FAQ
What is CVE-2016-4475?
CVE-2016-4475 is a vulnerability with a CVSS score of 8.8 (HIGH). The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read...
How severe is CVE-2016-4475?
CVE-2016-4475 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-4475?
Check the references section above for vendor advisories and patch information. Affected products include: Theforeman Foreman.