Medium severity5.3NVD Advisory· Published Aug 19, 2016· Updated Jun 17, 2026
CVE-2016-5390
CVE-2016-5390
Description
Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*range: >=1.11.0,<1.11.4
- (no CPE)range: before 1.11.4, 1.12.0 before 1.12.1
Patches
Vulnerability mechanics
References
4- projects.theforeman.org/issues/15653nvdPatchVendor Advisory
- www.securityfocus.com/bid/91770nvdThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB Entry
- theforeman.org/security.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.