CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4451 – foreman: privilege escalation through Organization and Locations API
https://notcve.org/view.php?id=CVE-2016-4451
The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization. Las APIs (1) Organization y (2) Locations en Foreman en versiones anteriores a 1.11.3 y 1.12.x en versiones anteriores a 1.12.0-RC1 permiten a usuarios remotos autenticados con filtros ilimitados eludir restricciones de organización y localización y leer o modificar datos de una organización arbitraria aprovechando el conocimiento de la id de esa organización. It was found that Satellite 6 did not properly enforce access controls on certain resources. An attacker, with access to the API and knowledge of the ID name, can potentially access other resources in other organizations. • http://projects.theforeman.org/issues/15182 http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c https://access.redhat.com/errata/RHSA-2018:0336 https://theforeman.org/security.html#2016-4451 https://access.redhat.com/security/cve/CVE-2016-4451 https://bugzilla.redhat.com/show_bug.cgi?id=1339889 • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-2100
https://notcve.org/view.php?id=CVE-2016-2100
Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission. Foreman en versiones anteriores a 1.10.3 y 1.11.0 en versiones anteriores a 1.11.0-RC2 permite a usuarios remotos autenticados leer, modificar o borrar marcadores privados aprovechando el permiso (1) edit_bookmarks o (2) destroy_bookmarks. • http://projects.theforeman.org/issues/13828 http://theforeman.org/security.html#2016-2100 http://www.openwall.com/lists/oss-security/2016/03/31/2 https://access.redhat.com/errata/RHBA-2016:1500 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 3%CPEs: 6EXPL: 0CVE-2016-3728
https://notcve.org/view.php?id=CVE-2016-3728
Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/. Vulnerabilidad en la inyección Eval en tftp_api.rb en el módulo TFTP en el Smart-Proxy en Foreman en versiones anteriores 1.10.4 y 1.11.x en versiones anteriores a 1.11.2 permite a atacantes remotos ejecutar un código arbitrario a través de la plantilla de porción tipo del PATH_INFO para tftp/. • http://projects.theforeman.org/issues/14931 http://theforeman.org/security.html#2016-3728 http://www.openwall.com/lists/oss-security/2016/05/19/2 https://access.redhat.com/errata/RHBA-2016:1501 https://github.com/theforeman/smart-proxy/commit/eef532aa668d656b9d61d9c6edf7c2505f3f43c7 • CWE-284: Improper Access Control •