Medium severity5.3NVD Advisory· Published Aug 19, 2016· Updated Jun 17, 2026
CVE-2016-4995
CVE-2016-4995
Description
Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*range: >=1.11.0,<1.11.4
- (no CPE)range: before 1.11.4 and 1.12.x before 1.12.1
Patches
Vulnerability mechanics
References
4- projects.theforeman.org/issues/15490nvdPatchVendor Advisory
- projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073nvdPatchVendor Advisory
- access.redhat.com/errata/RHSA-2018:0336nvdThird Party Advisory
- theforeman.org/security.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.