{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8553", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-09-06T20:25:15.408Z", "datePublished": "2024-10-31T15:01:16.401Z", "dateUpdated": "2025-04-09T20:37:17.798Z"}, "containers": {"cna": {"title": "Foreman: read-only access to entire db from templates", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. 
By using specific strings in the loader macros, users can bypass permissions and access sensitive information."}], "affected": [{"packageName": "foreman", "collectionURL": "https://github.com/theforeman/foreman", "defaultStatus": "affected"}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.5.1.25-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.13::el8", "cpe:/a:redhat:satellite_capsule:6.13::el8", "cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite_maintenance:6.13::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.5.1.25-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.13::el8", "cpe:/a:redhat:satellite_capsule:6.13::el8", "cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite_maintenance:6.13::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.5.1.25-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.13::el8", "cpe:/a:redhat:satellite_capsule:6.13::el8", "cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite_maintenance:6.13::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": 
"0:3.7.0.14-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.14::el8", "cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.7.0.14-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.14::el8", "cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.7.0.14-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.14::el8", "cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.15 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.9.1.11-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.15 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.9.1.11-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8", 
"cpe:/a:redhat:satellite_capsule:6.15::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.15 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.9.1.11-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.12.0.1-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.12.0.1-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 8", "collectionURL": 
"https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.12.0.1-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.12.0.1-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.12.0.1-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 
6.16 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.12.0.1-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_utils:6.16::el9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:8717", "name": "RHSA-2024:8717", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:8718", "name": "RHSA-2024:8718", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:8719", "name": "RHSA-2024:8719", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:8906", "name": "RHSA-2024:8906", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-8553", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312524", "name": "RHBZ#2312524", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-10-31T14:29:39.030Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base 
or stability."}], "timeline": [{"lang": "en", "time": "2024-09-16T07:20:13.067000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-10-31T14:29:39.030000+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-04-09T20:37:17.798Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-31T15:52:21.343746Z", "id": "CVE-2024-8553", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-31T15:52:36.245Z"}}]}}