CVE-2016-4451

foreman: privilege escalation through Organization and Locations API

Severity Score

5.0

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.

Las APIs (1) Organization y (2) Locations en Foreman en versiones anteriores a 1.11.3 y 1.12.x en versiones anteriores a 1.12.0-RC1 permiten a usuarios remotos autenticados con filtros ilimitados eludir restricciones de organización y localización y leer o modificar datos de una organización arbitraria aprovechando el conocimiento de la id de esa organización.

It was found that Satellite 6 did not properly enforce access controls on certain resources. An attacker, with access to the API and knowledge of the ID name, can potentially access other resources in other organizations.

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. This update provides Satellite 6.3 packages for Red Hat Enterprise Linux 7 Satellite server. For the full list of new features provided by Satellite 6.3, see the Release Notes linked to in the references section. See the Satellite 6 Installation Guide for detailed instructions on how to install a new Satellite 6.3 environment, or the Satellite 6 Upgrading and Updating guide for detailed instructions on how to upgrade from prior versions of Satellite 6.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-05-02 CVE Reserved
2016-08-19 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-254: 7PK - Security Features
CWE-284: Improper Access Control

CAPEC

References (6)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
http://projects.theforeman.org/projects/foreman/repository/revisions/1144040f444b4bf4aae81940a150b26b23b4623c	2023-02-12

URL	Date	SRC
http://projects.theforeman.org/issues/15182	2023-02-12
https://access.redhat.com/errata/RHSA-2018:0336	2023-02-12
https://theforeman.org/security.html#2016-4451	2023-02-12
https://access.redhat.com/security/cve/CVE-2016-4451	2018-02-21
https://bugzilla.redhat.com/show_bug.cgi?id=1339889	2018-02-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Theforeman Search vendor "Theforeman"		Foreman Search vendor "Theforeman" for product "Foreman"				<= 1.11.2 Search vendor "Theforeman" for product "Foreman" and version " <= 1.11.2"		-		Affected
Theforeman Search vendor "Theforeman"		Foreman Search vendor "Theforeman" for product "Foreman"				1.12.0 Search vendor "Theforeman" for product "Foreman" and version "1.12.0"		-		Affected