CVE

CVE-2016-5390 (foreman)

CVE-2016-5390 (foreman)

Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces.

Source: CVE-2016-5390 (foreman)

Exit mobile version