EUVD-2016-7957

Malware in sbrugna...

Information Disclosure

foreman is vulnerable to information disclosure. The form helper does not authorize options for associated objects, allowing users to see the names of such objects...

HackerOne: Moving a report to a different program doesn't reassign the Custom Field Values

When a report is moved to a different program, all associated objects are either removed or copied to the new program. During an internal security review of the Custom Fields feature it was observed that this isn't the case for Custom Field Values. This means that even after a report has moved, t...

Foreman < 1.14.0 Information Disclosure Vulnerability

Foreman is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:theforeman:foreman";...

CVE-2016-7077

foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6...

foreman: Foreman information leak through unauthorized multiple_checkboxes helper

foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6...