A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.
Metrics
Affected Vendors & Products
References
History
Wed, 06 Nov 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el9 |
|
References |
|
Fri, 01 Nov 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Fri, 01 Nov 2024 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat satellite Capsule
Redhat satellite Maintenance Redhat satellite Utils |
|
CPEs | cpe:/a:redhat:satellite:6.13::el8 cpe:/a:redhat:satellite:6.14::el8 cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_capsule:6.13::el8 cpe:/a:redhat:satellite_capsule:6.14::el8 cpe:/a:redhat:satellite_capsule:6.15::el8 cpe:/a:redhat:satellite_maintenance:6.13::el8 cpe:/a:redhat:satellite_utils:6.13::el8 cpe:/a:redhat:satellite_utils:6.14::el8 cpe:/a:redhat:satellite_utils:6.15::el8 |
|
Vendors & Products |
Redhat satellite Capsule
Redhat satellite Maintenance Redhat satellite Utils |
|
References |
|
Thu, 31 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 31 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information. | |
Title | Foreman: read-only access to entire db from templates | |
First Time appeared |
Redhat
Redhat satellite |
|
Weaknesses | CWE-200 | |
CPEs | cpe:/a:redhat:satellite:6 | |
Vendors & Products |
Redhat
Redhat satellite |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-10-31T15:01:16.401Z
Updated: 2024-11-24T20:04:33.536Z
Reserved: 2024-09-06T20:25:15.408Z
Link: CVE-2024-8553
Vulnrichment
Updated: 2024-10-31T15:52:30.454Z
NVD
Status : Awaiting Analysis
Published: 2024-10-31T15:15:17.243
Modified: 2024-11-06T09:15:04.370
Link: CVE-2024-8553
Redhat