Back to search
CVE-2016-4995
Published: Aug 19, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://theforeman.org/security.html#2016-4995
x_refsource_CONFIRM
RHSA-2018:0336
vendor-advisory
x_refsource_REDHAT
http://projects.theforeman.org/issues/15490
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now