Main Vulnerability Database Vulnerabilities #VU10749

Information disclosure in Foreman - CVE-2016-4995

Published: February 27, 2018

Vulnerability identifier: #VU10749

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-4995

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Foreman

Affected software:
Foreman

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to improper restriction of access to preview provisioning templates. A remote attacker with permissions to preview host templates can access the template preview for any host if they are able to guess the host name, and access potentially sensitive information.

How to mitigate CVE-2016-4995

Update to versions 1.11.4 or 1.12.1.

Sources

https://theforeman.org/security.html#2016-4995

Information disclosure in Foreman - CVE-2016-4995

Detailed vulnerability description

How to mitigate CVE-2016-4995

Sources

Please verify you're human