CVE-2016-7077

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://theforeman.org/security.html#2016-7077", "name": "https://theforeman.org/security.html#2016-7077", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://projects.theforeman.org/issues/16971", "name": "https://projects.theforeman.org/issues/16971", "tags": ["Exploit", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7077", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/94230", "name": "94230", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-7077", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}}, "publishedDate": "2018-09-10T15:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.14.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-09T23:19Z"}