CVE-2024-8553

CVSS V2 None CVSS V3 None

Description

A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.

Overview

CVE ID
CVE-2024-8553

Assigner
redhat

Vulnerability Status
PUBLISHED

Published Version
2024-10-31T15:01:16.401Z

Last Modified Date
2024-11-01T01:54:14.418Z

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

References

Reference URL	Reference Tags
https://access.redhat.com/errata/RHSA-2024:8717	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8718	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8719	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8553	vdb-entry x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2312524	issue-tracking x_refsource_REDHAT

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-8553
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8553

History

Created	Old Value	New Value	Data Type	Notes
2024-11-01 13:11:12				Added to TrackCVE