Untriaged
Permalink
CVE-2024-6861
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.
References
- RHSA-2022:8506 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-6861 x_refsource_REDHAT vdb-entry
- RHBZ#2317450 issue-tracking x_refsource_REDHAT
- https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2
- https://projects.theforeman.org/issues/34328
- RHBZ#2317450 issue-tracking x_refsource_REDHAT
- https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2
- https://projects.theforeman.org/issues/34328
- RHSA-2022:8506 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-6861 x_refsource_REDHAT vdb-entry
- RHSA-2022:8506 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-6861 x_refsource_REDHAT vdb-entry
- RHBZ#2317450 issue-tracking x_refsource_REDHAT
- https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2
- https://projects.theforeman.org/issues/34328
- RHSA-2022:8506 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-6861 x_refsource_REDHAT vdb-entry
- RHBZ#2317450 issue-tracking x_refsource_REDHAT
- https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2
- https://projects.theforeman.org/issues/34328
- RHSA-2022:8506 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-6861 x_refsource_REDHAT vdb-entry
- RHBZ#2317450 issue-tracking x_refsource_REDHAT
- https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2
- https://projects.theforeman.org/issues/34328
- RHSA-2022:8506 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-6861 x_refsource_REDHAT vdb-entry
- RHBZ#2317450 issue-tracking x_refsource_REDHAT
- https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2
- https://projects.theforeman.org/issues/34328
- RHSA-2022:8506 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-6861 x_refsource_REDHAT vdb-entry
- RHBZ#2317450 issue-tracking x_refsource_REDHAT
- https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2
- https://projects.theforeman.org/issues/34328
- RHSA-2022:8506 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-6861 x_refsource_REDHAT vdb-entry
- RHBZ#2317450 issue-tracking x_refsource_REDHAT
- https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2
- https://projects.theforeman.org/issues/34328
- RHSA-2022:8506 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-6861 x_refsource_REDHAT vdb-entry
- RHBZ#2317450 issue-tracking x_refsource_REDHAT
- https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2
- https://projects.theforeman.org/issues/34328
Affected products
foreman
- *
- <3.3
satellite:el8/foreman
- *
satellite-utils:el8/foreman
- *
satellite-capsule:el8/foreman
- *
Package maintainers
-
@zimbatm zimbatm <zimbatm@zimbatm.com>