{"id":"CVE-2016-2100","details":"Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.","modified":"2026-04-16T14:50:06.802429Z","published":"2016-05-20T14:59:02.200Z","references":[{"type":"WEB","url":"http://projects.theforeman.org/issues/13828"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/03/31/2"},{"type":"ADVISORY","url":"http://theforeman.org/security.html#2016-2100"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2016:1500"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/theforeman/smart-proxy","events":[{"introduced":"0"},{"last_affected":"1c7b5e542ac3977325d44f038c91ab636655d28d"},{"last_affected":"27b23f5ab93b02faf66bb93579b79d52bcc4847f"},{"last_affected":"515fc38cd5b70c54d334e200a39212e87b3e1d35"}],"database_specific":{"source":"CPE_FIELD","cpe":["cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*","cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*","cpe:2.3:a:theforeman:foreman:1.11.0:rc1:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"1.10.2"},{"last_affected":"1.11.0"},{"last_affected":"1.11.0-rc1"}]}}],"versions":["0.1","0.2","0.2rc2","0.3","1.0","1.0RC1","1.0RC2","1.1","1.10.0","1.10.0-RC1","1.10.0-RC2","1.10.0-RC3","1.10.1","1.10.2","1.11.0","1.11.0-RC1","1.11.0-RC2","1.11.0-RC3","1.1RC1","1.1RC2","1.1RC3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2100.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}]}