CVE-2015-5233
Foreman is vulnerable due to improper enforcement of the view_hosts permission in versions before 1.8.4 and 1.9.x before 1.9.1. This allows remote authenticated users with read access to reports (view_reports) to read reports from arbitrary hosts, and users with delete access (destroy_reports) to...