CVE-2016-4451

Published: Aug 19, 2016Modified: May 6, 2026

5.0

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 1.6 / Impact: 3.4

Source: NVD

Description

The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.

Affected (2)

Products: Theforeman: Foreman

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Theforeman Foreman	Up to 1.11.2
Theforeman Foreman	Version 1.12.0

Related CWEs

References (8)

http://projects.theforeman.org/issues/15182

Source: secalert@redhat.com

Vendor Advisory

http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c

Source: secalert@redhat.com

PatchVendor Advisory

https://access.redhat.com/errata/RHSA-2018:0336

Source: secalert@redhat.com

https://theforeman.org/security.html#2016-4451

Source: secalert@redhat.com

Vendor Advisory

http://projects.theforeman.org/issues/15182

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://access.redhat.com/errata/RHSA-2018:0336

Source: af854a3a-2127-422b-91ae-364da2661108

https://theforeman.org/security.html#2016-4451

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.