Vulnerability Description
foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Theforeman | Foreman | < 1.14.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/94230Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077Issue TrackingThird Party Advisory
- https://projects.theforeman.org/issues/16971ExploitVendor Advisory
- https://theforeman.org/security.html#2016-7077Vendor Advisory
- http://www.securityfocus.com/bid/94230Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077Issue TrackingThird Party Advisory
- https://projects.theforeman.org/issues/16971ExploitVendor Advisory
- https://theforeman.org/security.html#2016-7077Vendor Advisory
FAQ
What is CVE-2016-7077?
CVE-2016-7077 is a vulnerability with a CVSS score of 4.3 (MEDIUM). foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if ...
How severe is CVE-2016-7077?
CVE-2016-7077 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7077?
Check the references section above for vendor advisories and patch information. Affected products include: Theforeman Foreman.