ID CVE-2016-4451
Summary The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.
References
Vulnerable Configurations
  • cpe:2.3:a:theforeman:foreman:-:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:-:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:0.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:0.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:0.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.2.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.2.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.11.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.11.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.11.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.11.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.11.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.11.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:1.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:theforeman:foreman:1.12.0:*:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 23-02-2018 - 02:29)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2018:0336
refmap via4
confirm
Last major update 23-02-2018 - 02:29
Published 19-08-2016 - 21:59
Back to Top