Vulnerability Details CVE-2016-7077
foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.5%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
- http://www.securityfocus.com/bid/94230
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077
- https://projects.theforeman.org/issues/16971
- https://theforeman.org/security.html#2016-7077
- http://www.securityfocus.com/bid/94230
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077
- https://projects.theforeman.org/issues/16971
- https://theforeman.org/security.html#2016-7077
Products affected by CVE-2016-7077
-
cpe:2.3:a:theforeman:foreman:-
-
cpe:2.3:a:theforeman:foreman:0.1
-
cpe:2.3:a:theforeman:foreman:0.2
-
cpe:2.3:a:theforeman:foreman:0.3
-
cpe:2.3:a:theforeman:foreman:0.4
-
cpe:2.3:a:theforeman:foreman:0.4.1
-
cpe:2.3:a:theforeman:foreman:0.4.2
-
cpe:2.3:a:theforeman:foreman:1.0
-
cpe:2.3:a:theforeman:foreman:1.0.1
-
cpe:2.3:a:theforeman:foreman:1.1
-
cpe:2.3:a:theforeman:foreman:1.10.0
-
cpe:2.3:a:theforeman:foreman:1.10.1
-
cpe:2.3:a:theforeman:foreman:1.10.2
-
cpe:2.3:a:theforeman:foreman:1.10.3
-
cpe:2.3:a:theforeman:foreman:1.10.4
-
cpe:2.3:a:theforeman:foreman:1.11.0
-
cpe:2.3:a:theforeman:foreman:1.11.1
-
cpe:2.3:a:theforeman:foreman:1.11.2
-
cpe:2.3:a:theforeman:foreman:1.11.3
-
cpe:2.3:a:theforeman:foreman:1.11.4
-
cpe:2.3:a:theforeman:foreman:1.12.0
-
cpe:2.3:a:theforeman:foreman:1.12.1
-
cpe:2.3:a:theforeman:foreman:1.12.2
-
cpe:2.3:a:theforeman:foreman:1.12.3
-
cpe:2.3:a:theforeman:foreman:1.12.4
-
cpe:2.3:a:theforeman:foreman:1.13.0
-
cpe:2.3:a:theforeman:foreman:1.13.1
-
cpe:2.3:a:theforeman:foreman:1.13.2
-
cpe:2.3:a:theforeman:foreman:1.13.3
-
cpe:2.3:a:theforeman:foreman:1.13.4
-
cpe:2.3:a:theforeman:foreman:1.2.0
-
cpe:2.3:a:theforeman:foreman:1.2.1
-
cpe:2.3:a:theforeman:foreman:1.2.2
-
cpe:2.3:a:theforeman:foreman:1.2.3
-
cpe:2.3:a:theforeman:foreman:1.3.0
-
cpe:2.3:a:theforeman:foreman:1.3.1
-
cpe:2.3:a:theforeman:foreman:1.3.2
-
cpe:2.3:a:theforeman:foreman:1.4.0
-
cpe:2.3:a:theforeman:foreman:1.4.1
-
cpe:2.3:a:theforeman:foreman:1.4.2
-
cpe:2.3:a:theforeman:foreman:1.4.3
-
cpe:2.3:a:theforeman:foreman:1.4.4
-
cpe:2.3:a:theforeman:foreman:1.4.5
-
cpe:2.3:a:theforeman:foreman:1.5.0
-
cpe:2.3:a:theforeman:foreman:1.5.1
-
cpe:2.3:a:theforeman:foreman:1.5.2
-
cpe:2.3:a:theforeman:foreman:1.5.3
-
cpe:2.3:a:theforeman:foreman:1.6.0
-
cpe:2.3:a:theforeman:foreman:1.6.1
-
cpe:2.3:a:theforeman:foreman:1.6.3
-
cpe:2.3:a:theforeman:foreman:1.7.0
-
cpe:2.3:a:theforeman:foreman:1.7.1
-
cpe:2.3:a:theforeman:foreman:1.7.2
-
cpe:2.3:a:theforeman:foreman:1.7.3
-
cpe:2.3:a:theforeman:foreman:1.7.4
-
cpe:2.3:a:theforeman:foreman:1.7.5
-
cpe:2.3:a:theforeman:foreman:1.8.0
-
cpe:2.3:a:theforeman:foreman:1.8.1
-
cpe:2.3:a:theforeman:foreman:1.8.2
-
cpe:2.3:a:theforeman:foreman:1.8.3
-
cpe:2.3:a:theforeman:foreman:1.8.4
-
cpe:2.3:a:theforeman:foreman:1.9.0
-
cpe:2.3:a:theforeman:foreman:1.9.1
-
cpe:2.3:a:theforeman:foreman:1.9.2
-
cpe:2.3:a:theforeman:foreman:1.9.3