Lucene search

Veracode Vulnerability DatabaseVERACODE:26039

HistoryAug 05, 2020 - 1:39 a.m.

Information Disclosure

2020-08-0501:39:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

foreman is vulnerable to information disclosure. The form helper does not authorize options for associated objects, allowing users to see the names of such objects.

CPENameOperatorVersion
satellite-installereq6.2.0.13__1.el7sat
satellite-installereq6.2.0.12__1.el7sat
satellite-installereq6.2.0.11__1.el7sat
rubygem-smart_proxy_dynfloweq0.1.3.1__1.el7sat
rubygem-smart_proxy_dynfloweq0.1.3__1.el7sat
rubygem-smart_proxy_pulpeq1.2.2__1.el7sat
rubygem-smart_proxy_pulpeq1.0.1__1.1.el7sat
rubygem-smart_proxy_pulpeq1.0.1.2__1.el7sat
foreman-selinuxeq1.7.2.14__1.el7sat
foreman-selinuxeq1.7.2.13__1.el7sat

Name	Operator	Version
satellite-installer	eq	6.2.0.13__1.el7sat
satellite-installer	eq	6.2.0.12__1.el7sat
satellite-installer	eq	6.2.0.11__1.el7sat
rubygem-smart_proxy_dynflow	eq	0.1.3.1__1.el7sat
rubygem-smart_proxy_dynflow	eq	0.1.3__1.el7sat
rubygem-smart_proxy_pulp	eq	1.2.2__1.el7sat
rubygem-smart_proxy_pulp	eq	1.0.1__1.1.el7sat
rubygem-smart_proxy_pulp	eq	1.0.1.2__1.el7sat
foreman-selinux	eq	1.7.2.14__1.el7sat
foreman-selinux	eq	1.7.2.13__1.el7sat

Rows per page:

1-10 of 6841

References

www.securityfocus.com/bid/94230

access.redhat.com/documentation/en-us/red_hat_satellite/6.3/html/release_notes/

access.redhat.com/errata/RHSA-2018:0336

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077

projects.theforeman.org/issues/16971

theforeman.org/security.html#2016-7077

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Related for VERACODE:26039