{"id":"CVE-2016-4995","details":"Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.","modified":"2026-05-30T08:12:56.188512Z","published":"2016-08-19T21:59:10.430Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0336"},{"type":"ADVISORY","url":"https://theforeman.org/security.html#2016-4995"},{"type":"FIX","url":"http://projects.theforeman.org/issues/15490"},{"type":"FIX","url":"http://projects.theforeman.org/projects/foreman/repository/revisions/c3c186de12be15e55d9582e54659f765304a1073"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/theforeman/foreman","events":[{"introduced":"8731c1f6e50b5abd8f88db58f714c02dd584c419"},{"fixed":"fa181918d33bcfb3e8b45da35179982012be660a"},{"introduced":"522fa90e2953631719364921d4985d06f912a42e"},{"fixed":"6070cceb8ef1d9d35333b5fa2d4bbbb5c14e740a"}],"database_specific":{"cpe":"cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.11.0"},{"fixed":"1.11.4"},{"introduced":"1.12.0"},{"fixed":"1.12.1"}],"source":"CPE_RANGE"}}],"versions":["1.12.0","1.11.3","1.11.2","1.11.1","1.11.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4995.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/theforeman/foreman-installer","events":[{"introduced":"5828e336f8ed7890e5dc9458fa580bd35efa9d69"},{"fixed":"3272502d2ad1e91ad2f1175ac681c015e9392fff"},{"introduced":"ae2ac4e445bdd0541651a9b15e94648eb5fcd34a"},{"fixed":"d0e23cda1373f9819d8394682a3365cc6feba101"}],"database_specific":{"cpe":"cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.11.0"},{"fixed":"1.11.4"},{"introduced":"1.12.0"},{"fixed":"1.12.1"}],"source":"CPE_RANGE"}}],"versions":["1.11.3","1.12.0","1.11.2","1.11.1","1.11.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4995.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/theforeman/smart-proxy","events":[{"introduced":"27b23f5ab93b02faf66bb93579b79d52bcc4847f"},{"fixed":"4198ca38d7b8eb6695a61023a9fccf97fb59be86"},{"introduced":"fb319164de15280fb59bc25448d7f00d86703d15"},{"fixed":"4252c1083d5e16c375cd450abdf6fd24ac952048"}],"database_specific":{"cpe":"cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.11.0"},{"fixed":"1.11.4"},{"introduced":"1.12.0"},{"fixed":"1.12.1"}],"source":"CPE_RANGE"}}],"versions":["1.11.3","1.12.0","1.11.2","1.11.1","1.11.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4995.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}