CVE-2016-7077

Published on: 09/10/2018 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:06 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Certain versions of Foreman from Theforeman contain the following vulnerability:

Foreman before 1.14.0 is vulnerable to an information leak. It was found that the Foreman form helper does not authorize options for associated objects. An unauthorized user can see the names of such objects if their count is less than 6.

  • CVE-2016-7077 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • Affected Vendor/Software: Foreman - foreman version foreman 1.14.0

CVSS3 Score: 4.3 - MEDIUM

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | NONE |
| Availability Impact | NONE |

CVSS2 Score: 4 - MEDIUM

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | SINGLE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | NONE |
| Availability Impact | NONE |

CVE References

| Description | Tags | Link |
|---|---|---|
| Foreman CVE-2016-7077 Local Information Disclosure Vulnerability | Third Party Advisory, VDB Entry | BID 94230 (cve.report archive, text/html) |
| Foreman :: Security | Vendor Advisory | CONFIRM theforeman.org/security.html#2016-7077 (text/html) |
| Bug #16971: CVE-2016-7077 - Association lists (for < 6 items) shown without authorization/filters - Foreman | Exploit, Vendor Advisory | CONFIRM projects.theforeman.org/issues/16971 (text/html) |
| 1385777 – (CVE-2016-7077) CVE-2016-7077 foreman: Foreman information leak through unauthorized multiple_checkboxes helper | Issue Tracking, Third Party Advisory | CONFIRM bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077 (text/html) |

Known Affected Configurations (CPE V2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Theforeman | Foreman | All | All | All | All |
| Application | Theforeman | Foreman | All | All | All | All |

  • cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*
  • cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*