Sensitive Network Interface Information Disclosure in Foreman

Sensitive Network Interface Information Disclosure in Foreman

CVE-2016-5390 · LOW Severity

AV:N/AC:M/AU:S/C:P/I:N/A:N

Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces.

Learn more about our Api Penetration Testing.