Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-08-19T21:00:00

Updated: 2024-08-06T00:46:40.195Z

Reserved: 2016-05-24T00:00:00

Link: CVE-2016-4995

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-08-19T21:59:10.430

Modified: 2024-11-21T02:53:23.423

Link: CVE-2016-4995

cve-icon Redhat

Severity : Low

Publid Date: 2016-06-22T00:00:00Z

Links: CVE-2016-4995 - Bugzilla