Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2016-4995

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.

Published: Aug 19, 2016
Updated: Nov 9, 2025
CVE: CVE-2016-4995
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
theforeman / foreman	1.11.0	1.11.4
theforeman / foreman	1.12.0	1.12.1

http://projects.theforeman.org/issues/15490
http://projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073
https://access.redhat.com/errata/RHSA-2018:0336
https://theforeman.org/security.html#2016-4995

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo