Foreman Privilege Escalation Vulnerability CVE-2016-4475

Severity
CVSSv3 Score: 8.8

Vulnerability description

Foreman is prone to a privilege escalation vulnerability.

Risk description

When Foreman is accessed as a user limited to a specific organization or location, these restrictions are not taken into account in the API or in parts of the UI. This allows a user to view, edit and delete organizations and locations they are not associated with, provided they have the requisite permissions.

Recommendation

Upgrade to Foreman 1.11.4 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Aug 19, 2016
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available