Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Foreman 权限许可和访问控制问题漏洞
Vulnerability Description
Foreman是一套用于物理和虚拟服务器中的生命周期管理工具。该工具提供服务开通、配置管理以及报告状态等功能。 Foreman 1.8.4之前版本和1.9.1之前1.9.x版本中存在权限许可和访问控制问题漏洞,该漏洞源于程序没有正确应用view_hosts权限。远程攻击者可利用该漏洞读取或删除任意主机报告。
CVSS Information
N/A
Vulnerability Type
N/A