CVE-2016-2100

Advisory lineage Upstream: 0 Downstream: 1
Downstream
RHBA-2016:1500
Modified
Published: 20 May 2016, 14:00
Last modified:05 Aug 2024, 23:17

Vulnerability Summary

Overall Risk (default)
medium
26/100
CVSS Score
6.5 MEDIUM
v2.0 (nvd)
EPSS Score
0.2% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

20 May 2016, 14:00
Published
Vulnerability first disclosed
05 Aug 2024, 23:17
Last Modified
Vulnerability information updated

Description

Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.

CVSS Metrics

  • v3.0MEDIUMScore: 5.4CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  • v2.0MEDIUMScore: 6.5AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.20% Percentile: 42%

Techniques & Countermeasures

  • CWE-284Improper Access Control

    The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Affected Systems

  • theforemanforeman

    ≤ 1.10.2 | 1.11.0 | 1.11.0:rc1

References (4)