Bug #15490
closed
CVE-2016-4995 - view_hosts permissions/filters not checked for provisioning template previews
Added by Dominic Cleal over 8 years ago.
Updated over 6 years ago.
Description
Users who are logged in with permissions to view some hosts are able to preview provisioning templates for any host by specifying its hostname in the URL, as the specific view_hosts permissions and filters aren't checked. If the organization or location features are enabled, the user will still be restricted to their associated orgs/locs.
This can disclose configuration information about the host, including root password hashes if used in preseed/kickstart templates.
Foreman versions 1.11.0 and higher are vulnerable.
- Related to Refactor #13039: Remove DB queries from class of UnattendedController added
- Related to Bug #10689: Unattended controller permission check does not work added
This vuln was introduced by #13039, but the patch for #10689 (which itself is now resolved) should serve to fix the issue when the ticket number's updated.
- Subject changed from view_hosts permissions/filters not checked for provisioning template previews to CVE-2016-4995 - view_hosts permissions/filters not checked for provisioning template previews
- Status changed from New to Assigned
- Assignee set to Lukas Zapletal
- Status changed from Assigned to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/2428 added
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by