CVE-2024-6861

high

Description

A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.

References

https://projects.theforeman.org/issues/34328

https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2

https://bugzilla.redhat.com/show_bug.cgi?id=2317450

https://access.redhat.com/security/cve/CVE-2024-6861

https://access.redhat.com/errata/RHSA-2022:8506

Details

Source: Mitre, NVD

Published: 2024-11-06

Updated: 2024-11-06

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High