Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-8553

Опубликовано: 31 окт. 2024
Источник: redhat
CVSS3: 6.3
EPSS Низкий

Описание

A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.

Отчет

This issue is classified as moderate rather than important due to the requirement of authenticated access and specific permissions. While it allows exploitation of loader macros to access unintended fields in Foreman's database, the vulnerability is only accessible to users with permission to view or create templates containing these macros. As a result, the exploit's potential impact is limited to users who already possess a significant level of access within the system. Furthermore, the issue does not lead to privilege escalation, code execution, or direct system compromise, but rather unauthorized data access.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2312524foreman: Read-only access to entire DB from templates

EPSS

Процентиль: 30%
0.00109
Низкий

6.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2024-8553

CVSS3: 6.3
nvd
около 1 года назад

A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.

debian логотип

CVE-2024-8553

CVSS3: 6.3
debian
около 1 года назад

A vulnerability was found in Foreman's loader macros introduced with r ...

github логотип

GHSA-ffc7-h8x5-mm7h

CVSS3: 6.3
github
около 1 года назад

A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.

EPSS

Процентиль: 30%
0.00109
Низкий

6.3 Medium

CVSS3