Foreman Privilege Escalation Vulnerability CVE-2016-4451
- CVSSv3 Score
- Vulnerability description
Foreman is prone to a privilege escalation vulnerability.
- Risk description
When accessing Foreman as a user limited to specific organization, if users know other organization id and have unlimited filters they can access/modify other organization data. They just have to set the id as API parameter.
Upgrade to 1.11.3 or later.
- Not available