CVE Vulnerabilities

CVE-2016-4475

Published: Aug 19, 2016 | Modified: Feb 12, 2023
CVSS 3.x: 8.8 HIGH, Source: NVD, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 6.5 MEDIUM, AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2: 4.9 MODERATE, AV:N/AC:M/Au:S/C:P/I:P/A:N

The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Foreman | Theforeman | * | 1.11.3 (including) |
| Foreman | Theforeman | 1.12.0 (including) | 1.12.0 (including) |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | foreman-0:1.11.0.51-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | foreman-installer-1:1.11.0.10-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | foreman-proxy-0:1.11.0.5-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | pulp-0:2.8.3.4-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | satellite-0:6.2.1-1.2.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | tfm-rubygem-foreman_discovery-0:5.0.0.9-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | tfm-rubygem-hammer_cli_foreman_admin-0:0.0.5-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | tfm-rubygem-hammer_cli_katello-0:0.0.22.25-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | tfm-rubygem-katello-0:3.0.0.70-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | tfm-rubygem-ovirt_provision_plugin-0:1.0.2-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | foreman-0:1.11.0.51-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | foreman-installer-1:1.11.0.10-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | foreman-proxy-0:1.11.0.5-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | pulp-0:2.8.3.4-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | satellite-0:6.2.1-1.2.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | tfm-rubygem-foreman_discovery-0:5.0.0.9-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | tfm-rubygem-hammer_cli_foreman_admin-0:0.0.5-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | tfm-rubygem-hammer_cli_katello-0:0.0.22.25-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | tfm-rubygem-katello-0:3.0.0.70-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | tfm-rubygem-ovirt_provision_plugin-0:1.0.2-1.el7sat | * |

References