CVE-2016-4995

Published: Aug 19, 2016Modified: May 6, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.

Affected (2)

Products: Theforeman: Foreman

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Theforeman Foreman	From 1.11.0 to 1.11.4
Theforeman Foreman	From 1.12.0 to 1.12.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://projects.theforeman.org/issues/15490

Source: secalert@redhat.com

PatchVendor Advisory

http://projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073

Source: secalert@redhat.com

PatchVendor Advisory

https://access.redhat.com/errata/RHSA-2018:0336

Source: secalert@redhat.com

Third Party Advisory

https://theforeman.org/security.html#2016-4995

Source: secalert@redhat.com

Vendor Advisory

http://projects.theforeman.org/issues/15490

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://access.redhat.com/errata/RHSA-2018:0336

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://theforeman.org/security.html#2016-4995

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.