CVE-2016-2100

Published: May 20, 2016Modified: May 6, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.

Affected (3)

Products: Theforeman: Foreman

Theforeman

1 product

Foreman

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Theforeman Foreman	Up to 1.10.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Theforeman Foreman	Version 1.11.0
Theforeman Foreman	Version 1.11.0 rc1

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

http://projects.theforeman.org/issues/13828

Source: secalert@redhat.com

http://theforeman.org/security.html#2016-2100

Source: secalert@redhat.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2016/03/31/2

Source: secalert@redhat.com

https://access.redhat.com/errata/RHBA-2016:1500

Source: secalert@redhat.com

http://projects.theforeman.org/issues/13828

Source: af854a3a-2127-422b-91ae-364da2661108

http://theforeman.org/security.html#2016-2100

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.openwall.com/lists/oss-security/2016/03/31/2

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHBA-2016:1500

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.