The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-08-19T21:00:00

Updated: 2024-08-06T00:32:25.359Z

Reserved: 2016-05-02T00:00:00

Link: CVE-2016-4451

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-08-19T21:59:08.337

Modified: 2024-11-21T02:52:14.383

Link: CVE-2016-4451

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-05-25T00:00:00Z

Links: CVE-2016-4451 - Bugzilla