foreman is vulnerable to authorization bypass. An unspecified vulnerability allows authenticated users to bypass organization and location restrictions to read, edit or delete organizations or locations.
projects.theforeman.org/issues/15268
projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9
www.securityfocus.com/bid/92125
access.redhat.com/errata/RHBA-2016:1615
access.redhat.com/security/cve/CVE-2016-4475
bugzilla.redhat.com/show_bug.cgi?id=1311313
bugzilla.redhat.com/show_bug.cgi?id=1311739
bugzilla.redhat.com/show_bug.cgi?id=1342439
bugzilla.redhat.com/show_bug.cgi?id=1342665
bugzilla.redhat.com/show_bug.cgi?id=1343927
bugzilla.redhat.com/show_bug.cgi?id=1344053
bugzilla.redhat.com/show_bug.cgi?id=1347228
bugzilla.redhat.com/show_bug.cgi?id=1347992
bugzilla.redhat.com/show_bug.cgi?id=1351103
bugzilla.redhat.com/show_bug.cgi?id=1359125
bugzilla.redhat.com/show_bug.cgi?id=1359665
bugzilla.redhat.com/show_bug.cgi?id=1359694
bugzilla.redhat.com/show_bug.cgi?id=1364049
theforeman.org/security.html#2016-4475