CVE-2016-7077: Infoleak
First published: Mon Sep 10 2018(Updated: )
foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Theforeman Foreman | <1.14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2016-7077?
CVE-2016-7077 is a vulnerability in Foreman before version 1.14.0 that allows unauthorized users to view names of associated objects.
How severe is CVE-2016-7077?
CVE-2016-7077 has a severity score of 4.3, which is considered medium.
How does CVE-2016-7077 work?
CVE-2016-7077 occurs because Foreman form helper does not authorize options for associated objects, allowing unauthorized users to see the names of such objects if their count is less than 6.
What software versions are affected by CVE-2016-7077?
Foreman versions up to and excluding 1.14.0 are affected by CVE-2016-7077.
Is there a fix available for CVE-2016-7077?
Yes, the fix for CVE-2016-7077 is available in Foreman version 1.14.0 and later.
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/theforeman
- canonical/theforeman foreman