Auth bypass in Foreman

CVE-2016-7077

Foreman before 1.14.0 is vulnerable to an information leak: the Foreman form helper does not authorize the options it offers for associated objects, so an unauthorized user can see the names of such objects when their count is less than 6.

EPSS: 0.003 (48.7th percentile).

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

  • Foreman — versions before 1.14.0

Weakness classification (CWE)

  • Improper Authorization
Frequently asked questions

What is CVE-2016-7077?
CVE-2016-7077 is a medium-severity vulnerability in Foreman, classified under Improper Authorization. CVSS score: 4.3/10. Published 2018-09-10.
How severe is CVE-2016-7077?
Medium severity. CVSS v3 base score is 4.3 out of 10.