Untriaged
CVE-2024-8553
6.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): LOW
Foreman: read-only access to entire db from templates
A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.
References
- https://access.redhat.com/security/cve/CVE-2024-8553 x_refsource_REDHAT vdb-entry
- RHBZ#2312524 issue-tracking x_refsource_REDHAT
- RHSA-2024:8717 x_refsource_REDHAT vendor-advisory
- RHSA-2024:8718 x_refsource_REDHAT vendor-advisory
- RHSA-2024:8719 x_refsource_REDHAT vendor-advisory
- RHSA-2024:8906 x_refsource_REDHAT vendor-advisory
Affected products
foreman
- *
Package maintainers
- @zimbatm zimbatm <zimbatm@zimbatm.com>