Vulnerability Details : CVE-2016-7078
Foreman before version 1.15.0 is vulnerable to an information leak through the organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. those controlling viewing, editing and deletion.
Vulnerability category: Bypass; Gain privilege; Information leak
Products affected by CVE-2016-7078
- cpe:2.3:a:theforeman:foreman:1.15.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-7078
- EPSS score: 0.18% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~56% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-7078
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | 
3.5 | LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N | 6.8 | 2.9 | Red Hat, Inc. | 
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | 
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | Red Hat, Inc. | 
CWE ids for CVE-2016-7078
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. (Assigned by: nvd@nist.gov, Primary)
- The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. (Assigned by: secalert@redhat.com, Secondary)
References for CVE-2016-7078
- https://projects.theforeman.org/issues/16982 : Bug #16982: CVE-2016-7078 - User with no organizations or locations can see all resources - Foreman (Vendor Advisory)
- http://www.securityfocus.com/bid/96385 : Foreman CVE-2016-7078 Information Disclosure Vulnerability (Third Party Advisory; VDB Entry)
- https://theforeman.org/security.html#2016-7078 : Foreman :: Security (Vendor Advisory)
- https://seclists.org/oss-sec/2017/q1/470 : oss-sec: CVE-2016-7078: Foreman organization/location authorization vulnerability (Mailing List; Third Party Advisory)
- https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905 : Fixes #16982 - Scope properly when no taxonomies are set · theforeman/foreman@5f606e1 · GitHub (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078 : 1386244 – (CVE-2016-7078) CVE-2016-7078 foreman: Information leak through organizations and locations feature (Issue Tracking; Third Party Advisory)