Main Vulnerability Database SB2016052008

SB2016052008 - Improper access control in Foreman

Published: May 20, 2016 Updated: August 9, 2020

Security Bulletin ID SB2016052008

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper access control (CVE-ID: CVE-2016-2100)

The vulnerability allows a remote authenticated user to read and manipulate data.

Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.

Remediation

Install update from vendor's website.

References

http://projects.theforeman.org/issues/13828
http://theforeman.org/security.html#2016-2100
http://www.openwall.com/lists/oss-security/2016/03/31/2
https://access.redhat.com/errata/RHBA-2016:1500