Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2016-7077

foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.

Published: Sep 10, 2018
Updated: Nov 9, 2025
CVE: CVE-2016-7077
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-200
CWE-285

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
theforeman / foreman	-	1.14.0

http://www.securityfocus.com/bid/94230
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077
https://projects.theforeman.org/issues/16971
https://theforeman.org/security.html#2016-7077

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo