Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.
History
13 Feb 2023, 04:50
Type | Values Removed | Values Added |
---|---|---|
References | | |
Summary | Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission. |
02 Feb 2023, 16:17
Type | Values Removed | Values Added |
---|---|---|
Summary | It was found that access to private bookmarks of users is not properly restricted in Foreman. This could allow an attacker to view the search terms used in these bookmarks which should be private. | |
References | | |
Information
Published : 2016-05-20 14:59
Updated : 2023-12-10 11:46
NVD link : CVE-2016-2100
Mitre link : CVE-2016-2100
CVE.ORG link : CVE-2016-2100
Products Affected
theforeman
- foreman
CWE
CWE-284
Improper Access Control