CVE-2016-7077
Description
Foreman before 1.14.0 is vulnerable to an information leak. It was found that the Foreman form helper does not authorize options for associated objects. An unauthorized user can see the names of such objects if their count is less than 6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Foreman before 1.14.0 leaks names of associated objects via unauthorized form helper options when count is less than 6.
Vulnerability
The vulnerability exists in Foreman's form helper, specifically the multiple_checkboxes helper, which does not authorize options for associated objects. In Foreman versions before 1.14.0, an unauthorized user can see the names of associated objects if the total count of such objects is less than 6. This affects the multiple_checkboxes helper used in forms. [1][2]
Exploitation
An attacker needs network access to a Foreman instance and must be able to interact with forms that use the vulnerable helper. No authentication is required if the form is publicly accessible, but typically the attacker would need to be an unprivileged user. By triggering a form that lists associated objects (e.g., hosts, host groups), the attacker can observe the names of those objects when the count is below 6. [2]
Impact
The impact is information disclosure: an unauthorized user can learn the names of associated objects (e.g., host names, host group names) that they should not have access to. This leaks sensitive information about the infrastructure managed by Foreman. The severity is low as it only reveals names when the count is less than 6. [1][2]
Mitigation
The fix was released in Foreman version 1.14.0. Users should upgrade to 1.14.0 or later. For versions prior, no workaround is documented. The issue is considered low severity and is not listed in CISA's Known Exploited Vulnerabilities catalog. [1][2]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: foreman, versions before 1.14.0
Patches
12 files changed · +4 −1
CHANGELOG+3 −0 modified@@ -1,3 +1,6 @@ +2017-01-13 Dominic Cleal <dominic@cleal.org> + * Release 1.14.0 + 2017-01-05 Dominic Cleal <dominic@cleal.org> * Release 1.14.0-RC3
VERSION+1 −1 modified@@ -1 +1 @@ -1.14.0-RC3 +1.14.0
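Review bot: neither hunk touches the form helper; the CHANGELOG hunk adds a "Release 1.14.0" entry and the VERSION hunk bumps 1.14.0-RC3 to 1.14.0, while the header claims 12 files changed and +4 −1 but only these two files are shown, so the authorization fix the advisory describes cannot be reviewed from this bundle. Link the commit that changes how the helper scopes its associated-object options alongside the release bump, since a version bump alone gives a reviewer nothing to verify.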
Vulnerability mechanics
Root cause
"Missing authorization check in Foreman's form helper for associated object options allows information disclosure."
Attack vector
An unauthenticated or unauthorized user can trigger the information leak by interacting with a Foreman form that includes options for associated objects. The form helper fails to enforce authorization checks when rendering these options, so the user can see the names of associated objects even without permission. The leak is limited to cases where the number of such objects is less than 6, because the helper only reveals names when the count is below that threshold.
Affected code
The vulnerability exists in Foreman's form helper, which does not authorize options for associated objects. The patch provided is a version bump to 1.14.0 in the smart-proxy repository, but the actual code fix is not shown in this diff — the advisory indicates the flaw is in Foreman's form helper logic for associated object options.
What the fix does
The patch increments the smart-proxy version from 1.14.0-RC3 to 1.14.0, marking the release that contains the fix. The advisory states that the underlying remediation is to add authorization checks in Foreman's form helper for associated object options, preventing unauthorized users from seeing object names when the count is less than 6. No code-level diff of the authorization fix is included in this patch bundle.
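The mechanism described in the Vulnerability and Attack vector sections, as an added illustration that is not Foreman's code: a hypothetical checkbox helper that renders one checkbox per associated object below a threshold, shown once with options taken from the unscoped collection (every name ends up in the HTML) and once with options filtered through the user's view permission. The records, the permission model and the fallback to a search box above the threshold are constructed assumptions for this example.

```ruby
require "cgi"

# Constructed stand-ins for Foreman objects and per-user visibility (hypothetical).
HostGroup = Struct.new(:id, :name)
User = Struct.new(:login, :visible_hostgroup_ids)

ALL_HOSTGROUPS = [
  HostGroup.new(1, "prod-db"), HostGroup.new(2, "prod-web"),
  HostGroup.new(3, "staging"), HostGroup.new(4, "dev"),
  HostGroup.new(5, "secret-project"),
].freeze

# Below this many objects the helper enumerates them as checkboxes; this mirrors
# the "less than 6" condition in the advisory.
CHECKBOX_THRESHOLD = 6

# Vulnerable pattern: options come straight from the unscoped collection, so the
# rendered form carries every object's name whenever the table is small.
def multiple_checkboxes_unscoped(_user, field, collection)
  render_options(field, collection)
end

# Hardened pattern: reduce the collection to what the user may view before
# rendering, so names the user is not authorized for never reach the page.
def multiple_checkboxes_authorized(user, field, collection)
  visible = collection.select { |obj| user.visible_hostgroup_ids.include?(obj.id) }
  render_options(field, visible)
end

# Assumed widget behaviour: enumerate as checkboxes under the threshold,
# otherwise fall back to a search box that lists nothing.
def render_options(field, collection)
  if collection.size < CHECKBOX_THRESHOLD
    collection.map do |o|
      "<label><input type=\"checkbox\" name=\"#{field}[]\" value=\"#{o.id}\"> " \
        "#{CGI.escapeHTML(o.name)}</label>"
    end.join("\n")
  else
    "<input type=\"text\" name=\"#{field}_search\" placeholder=\"Search...\">"
  end
end

# Detection helper for testing: which object names appear in the rendered HTML.
def leaked_names(html, collection)
  collection.map(&:name).select { |n| html.include?(CGI.escapeHTML(n)) }
end
```

Running the unscoped helper for a user who may view only two groups returns all five names, while the authorized variant returns just those two; with six or more objects neither variant lists names, which is why the original leak was bounded by the count.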
Preconditions
- network: The attacker must have access to a Foreman form that renders options for associated objects.
- input: The number of associated objects must be less than 6 for the names to be revealed.
Generated on May 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.securityfocus.com/bid/94230 (BID, via MITRE)
- bugzilla.redhat.com/show_bug.cgi (CONFIRM, via MITRE)
- projects.theforeman.org/issues/16971 (CONFIRM, via MITRE)
- theforeman.org/security.html (CONFIRM, via MITRE)