HomePentest-Tools.com Logo

Foreman Information Disclosure Vulnerability-02 CVE-2016-4995

Severity
CVSSv3 Score
5.3
Vulnerability description

Foreman is prone to an information disclosure vulnerability.

Risk description

Users who are logged in with permissions to view some hosts are able to preview provisioning templates for any host by specifying its hostname in the URL, as the specific view_hosts permissions and filters arent checked.

Recommendation

Upgrade to 1.11.4, 1.12.1 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Aug 19, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available