All the vulnerabilites related to Foreman - foreman
cve-2014-0091
Vulnerability from cvelistv5
Published
2019-12-11 14:11
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Foreman has improper input validation which could lead to partial Denial of Service
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2014-0091 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0091 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2014-0091 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-0091"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0091"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Foreman",
"vendor": "Foreman",
"versions": [
{
"status": "affected",
"version": "through 2014-03-05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Foreman has improper input validation which could lead to partial Denial of Service"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T14:11:04",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-0091"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0091"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0091"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0091",
"datePublished": "2019-12-11T14:11:04",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7535
Vulnerability from cvelistv5
Published
2018-07-26 13:00
Modified
2024-08-05 16:04
Severity ?
EPSS score ?
Summary
foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action.
References
| ▼ | URL | Tags |
|---|---|---|
| https://projects.theforeman.org/issues/20963 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99604 | vdb-entry, x_refsource_BID | |
| http://seclists.org/oss-sec/2017/q3/521 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7535 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://projects.theforeman.org/issues/20963"
},
{
"name": "99604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99604"
},
{
"name": "[oss-security] 20170925 Foreman 1.1+ stored XSS in organizations/locations assignment to hosts",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2017/q3/521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7535"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "foreman",
"vendor": "Foreman",
"versions": [
{
"status": "affected",
"version": "1.16.0"
}
]
}
],
"datePublic": "2017-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://projects.theforeman.org/issues/20963"
},
{
"name": "99604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99604"
},
{
"name": "[oss-security] 20170925 Foreman 1.1+ stored XSS in organizations/locations assignment to hosts",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2017/q3/521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7535"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "foreman",
"version": {
"version_data": [
{
"version_value": "1.16.0"
}
]
}
}
]
},
"vendor_name": "Foreman"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://projects.theforeman.org/issues/20963",
"refsource": "CONFIRM",
"url": "https://projects.theforeman.org/issues/20963"
},
{
"name": "99604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99604"
},
{
"name": "[oss-security] 20170925 Foreman 1.1+ stored XSS in organizations/locations assignment to hosts",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2017/q3/521"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7535",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7535"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7535",
"datePublished": "2018-07-26T13:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7505
Vulnerability from cvelistv5
Published
2017-05-26 16:00
Modified
2024-08-05 16:04
Severity ?
EPSS score ?
Summary
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98607 | vdb-entry, x_refsource_BID | |
| http://projects.theforeman.org/issues/19612 | x_refsource_CONFIRM | |
| https://github.com/theforeman/foreman/pull/4545 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98607",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98607"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://projects.theforeman.org/issues/19612"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/theforeman/foreman/pull/4545"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "foreman",
"vendor": "Foreman",
"versions": [
{
"status": "affected",
"version": "1.5 and higher"
}
]
}
],
"datePublic": "2017-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-29T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "98607",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98607"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://projects.theforeman.org/issues/19612"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/theforeman/foreman/pull/4545"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7505",
"datePublished": "2017-05-26T16:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7077
Vulnerability from cvelistv5
Published
2018-09-10 15:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.
References
| ▼ | URL | Tags |
|---|---|---|
| https://theforeman.org/security.html#2016-7077 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94230 | vdb-entry, x_refsource_BID | |
| https://projects.theforeman.org/issues/16971 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://theforeman.org/security.html#2016-7077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077"
},
{
"name": "94230",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94230"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://projects.theforeman.org/issues/16971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "foreman",
"vendor": "Foreman",
"versions": [
{
"status": "affected",
"version": "foreman 1.14.0"
}
]
}
],
"datePublic": "2016-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://theforeman.org/security.html#2016-7077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077"
},
{
"name": "94230",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94230"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://projects.theforeman.org/issues/16971"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "foreman",
"version": {
"version_data": [
{
"version_value": "foreman 1.14.0"
}
]
}
}
]
},
"vendor_name": "Foreman"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://theforeman.org/security.html#2016-7077",
"refsource": "CONFIRM",
"url": "https://theforeman.org/security.html#2016-7077"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077"
},
{
"name": "94230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94230"
},
{
"name": "https://projects.theforeman.org/issues/16971",
"refsource": "CONFIRM",
"url": "https://projects.theforeman.org/issues/16971"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7077",
"datePublished": "2018-09-10T15:00:00",
"dateReserved": "2016-08-23T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7078
Vulnerability from cvelistv5
Published
2018-09-10 15:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96385 | vdb-entry, x_refsource_BID | |
| https://theforeman.org/security.html#2016-7078 | x_refsource_CONFIRM | |
| https://projects.theforeman.org/issues/16982 | x_refsource_CONFIRM | |
| https://seclists.org/oss-sec/2017/q1/470 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078"
},
{
"name": "96385",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96385"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://theforeman.org/security.html#2016-7078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://projects.theforeman.org/issues/16982"
},
{
"name": "[oss-security] 20170222 CVE-2016-7078: Foreman organization/location authorization vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2017/q1/470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "foreman",
"vendor": "Foreman",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
}
],
"datePublic": "2016-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator\u0027s view). The user\u0027s actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078"
},
{
"name": "96385",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96385"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://theforeman.org/security.html#2016-7078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://projects.theforeman.org/issues/16982"
},
{
"name": "[oss-security] 20170222 CVE-2016-7078: Foreman organization/location authorization vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://seclists.org/oss-sec/2017/q1/470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "foreman",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
}
]
},
"vendor_name": "Foreman"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator\u0027s view). The user\u0027s actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905",
"refsource": "CONFIRM",
"url": "https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078"
},
{
"name": "96385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96385"
},
{
"name": "https://theforeman.org/security.html#2016-7078",
"refsource": "CONFIRM",
"url": "https://theforeman.org/security.html#2016-7078"
},
{
"name": "https://projects.theforeman.org/issues/16982",
"refsource": "CONFIRM",
"url": "https://projects.theforeman.org/issues/16982"
},
{
"name": "[oss-security] 20170222 CVE-2016-7078: Foreman organization/location authorization vulnerability",
"refsource": "MLIST",
"url": "https://seclists.org/oss-sec/2017/q1/470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7078",
"datePublished": "2018-09-10T15:00:00",
"dateReserved": "2016-08-23T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}