What is CVE-2016-2100?

CVE-2016-2100 is a medium-severity vulnerability in Theforeman Foreman, classified under Improper Access Control. CVSS score: 5.4/10. Published 2016-05-20.

How severe is CVE-2016-2100?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Vulnerability in Theforeman Foreman

CVE-2016-2100

Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.

EPSS: 0.002 (42.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.

Affected products

Theforeman Foreman — versions 1.11.0
N/a — versions n/a

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

RHBA-2016:1500 (x_refsource_REDHAT, vendor-advisory)
[oss-security] 20160331 CVE-2016-2100: Foreman private bookmarks can be viewed and edited (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-2100?: CVE-2016-2100 is a medium-severity vulnerability in Theforeman Foreman, classified under Improper Access Control. CVSS score: 5.4/10. Published 2016-05-20.
How severe is CVE-2016-2100?: Medium severity. CVSS v3 base score is 5.4 out of 10.