Bypassing Organization and Location Restrictions in Foreman APIs and UIs

CVE-2016-4475 · MEDIUM Severity

AV:N/AC:L/Au:S/C:P/I:P/A:P

The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.
