CVE-2016-4475

Published: Aug 19, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.

Affected (2)

Products: Theforeman: Foreman

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Theforeman Foreman	Up to 1.11.3
Theforeman Foreman	Version 1.12.0

Related CWEs

References (10)

http://projects.theforeman.org/issues/15268

Source: secalert@redhat.com

PatchVendor Advisory

http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9

Source: secalert@redhat.com

PatchVendor Advisory

http://www.securityfocus.com/bid/92125

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHBA-2016:1615

Source: secalert@redhat.com

https://theforeman.org/security.html#2016-4475

Source: secalert@redhat.com

Vendor Advisory

http://projects.theforeman.org/issues/15268

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/92125

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHBA-2016:1615

Source: af854a3a-2127-422b-91ae-364da2661108

https://theforeman.org/security.html#2016-4475

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.