foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-09-10T15:00:00

Updated: 2024-08-06T01:50:47.449Z

Reserved: 2016-08-23T00:00:00

Link: CVE-2016-7077

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-09-10T15:29:01.107

Modified: 2024-11-21T02:57:24.807

Link: CVE-2016-7077

cve-icon Redhat

Severity : Low

Publid Date: 2016-10-17T00:00:00Z

Links: CVE-2016-7077 - Bugzilla