CVE-2024-6861

Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api

CVSS 7.5 HIGHEPSS 0.7%CWE-200

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.5EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

06 nov 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Productos afectados

foremanRed Hat · Red Hat Satellite 6 Red Hat · Red Hat Satellite 6.12 for RHEL 8

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/errata/RHSA-2022:8506 https://access.redhat.com/security/cve/CVE-2024-6861 https://bugzilla.redhat.com/show_bug.cgi?id=2317450 https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2 https://projects.theforeman.org/issues/34328