Bug #1660

closed

Add the ability to set default filters for On-the-fly LDAP user creation

Added by Anonymous almost 12 years ago. Updated almost 12 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version: -
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Foreman is giving too much information to anyone who happens to log in via the on-the-fly LDAP account creation. They get a list of servers, see IP addresses, MAC addresses, OS versions, host YAML, report status section and other information about hosts.

It would be nice to have a way to restrict new users to see only hosts they own (which will admittedly probably be none, unless/until they get added to a group that has ownership of some hosts or are granted adequate permissions and create some); I was thinking that being able to set a default filter for the LDAP Auth Source would be a good way to handle this, though I don't know how this might play out if all filters are moved to the User Group level as I have seen discussed as a potential possibility.

And of course, to be clear, I don't consider it a security concern, since a lot of this information is necessarily available for ENC functionality and therefore to anyone who knows how to poke at the server properly, but a user logging in for the first time shouldn't see other groups' hosts in the web UI regardless.

Actions #1

Updated by Ohad Levy almost 12 years ago

  • Status changed from New to Resolved

Just change the default user role permissions.

Ohad

Actions #2

Updated by Ohad Levy almost 12 years ago

About ENC, it might be better to have a list of allowed servers to reach out for Foreman (that should be a separate ticket, I guess).
