
Foreman Privilege Escalation Vulnerability CVE-2016-4451

Severity
CVSSv3 Score: 5
Vulnerability description

Foreman is prone to a privilege escalation vulnerability.

Risk description

When accessing Foreman as a user limited to a specific organization, a user who knows another organization's id and has unlimited filters can access or modify that organization's data, simply by setting the id as an API parameter.

Recommendation

Upgrade to 1.11.3 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Aug 19, 2016
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available