Medium severity5.3NVD Advisory· Published Aug 19, 2016· Updated May 6, 2026

CVE-2016-4995

Description

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.

Affected products

Theforeman/Foreman
cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*
Range: >=1.11.0,<1.11.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

projects.theforeman.org/issues/15490nvdPatchVendor Advisory
projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073nvdPatchVendor Advisory
access.redhat.com/errata/RHSA-2018:0336nvdThird Party Advisory
theforeman.org/security.htmlnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000