High severity8.8OSV Advisory· Published Aug 19, 2016· Updated Jun 17, 2026
CVE-2016-4475
CVE-2016-4475
Description
The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: 0.1, 0.2, 0.2rc2, …
cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*range: <=1.11.3
- cpe:2.3:a:theforeman:foreman:1.12.0:*:*:*:*:*:*:*
- (no CPE)range: < 1.11.4, >= 1.12.0-RC1 < 1.12.0-RC3
Patches
Vulnerability mechanics
References
5- projects.theforeman.org/issues/15268nvdPatchVendor Advisory
- projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9nvdPatchVendor Advisory
- www.securityfocus.com/bid/92125nvdThird Party AdvisoryVDB Entry
- theforeman.org/security.htmlnvdVendor Advisory
- access.redhat.com/errata/RHBA-2016:1615nvd
News mentions
0No linked articles in our index yet.