CVE-2024-8553

medium

Description

A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2312524

https://access.redhat.com/security/cve/CVE-2024-8553

https://access.redhat.com/errata/RHSA-2024:8906

https://access.redhat.com/errata/RHSA-2024:8719

https://access.redhat.com/errata/RHSA-2024:8718

https://access.redhat.com/errata/RHSA-2024:8717

Details

Source: Mitre, NVD

Published: 2024-10-31

Updated: 2024-11-06

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium