Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-9572

Опубликовано: 27 фев. 2026
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 5

Описание

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.

РелизСтатусПримечание
devel

needs-triage

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

esm-apps/xenial

needs-triage

jammy

needs-triage

noble

needs-triage

plucky

ignored

end of life, was needs-triage
questing

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 1%
0.0001
Низкий

5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2025-9572

CVSS3: 5
redhat
7 месяцев назад

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.

nvd логотип

CVE-2025-9572

CVSS3: 5
nvd
около 1 месяца назад

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.

debian логотип

CVE-2025-9572

CVSS3: 5
debian
около 1 месяца назад

n authorization flaw in Foreman's GraphQL API allows low-privileged us ...

github логотип

GHSA-gvvp-xfg4-2fr6

CVSS3: 5
github
около 1 месяца назад

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.

EPSS

Процентиль: 1%
0.0001
Низкий

5 Medium

CVSS3