cvedb.io
CVE-2016-4451
MEDIUM · CVSS 5
EPSS exploitation probability: 0%
Published 2016-08-19T21:59:08.337 · Last modified 2026-06-17T00:47:35.170

Summary

The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.

Affected products

theforeman — foreman

Does this affect you?

Add your gear to cvedb and we'll alert you only when theforeman ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.