A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.
History
Wed, 06 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Wed, 06 Nov 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | foreman: foreman: OAuth secret exposure via unauthenticated access to the GraphQL API | Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api |
First Time appeared | Redhat satellite Maintenance, Redhat satellite Utils | |
CPEs | cpe:/a:redhat:satellite:6 cpe:/a:redhat:satellite_maintenance:6.12::el8 cpe:/a:redhat:satellite_utils:6.12::el8 | |
Vendors & Products | Redhat satellite Maintenance, Redhat satellite Utils | |
References | |
Thu, 10 Oct 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat, Redhat satellite, Redhat satellite Capsule | |
CPEs | cpe:/a:redhat:satellite:6.12::el8 cpe:/a:redhat:satellite_capsule:6.12::el8 | |
Vendors & Products | Redhat, Redhat satellite, Redhat satellite Capsule |
Wed, 09 Oct 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API. | |
Title | foreman: foreman: OAuth secret exposure via unauthenticated access to the GraphQL API | |
Weaknesses | CWE-200 | |
References | | |
Metrics |
threat_severity
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-11-06T14:54:51.099Z
Updated: 2024-11-06T16:16:15.642Z
Reserved: 2024-07-17T20:36:00.703Z
Link: CVE-2024-6861
Vulnrichment
Updated: 2024-11-06T16:16:11.767Z
NVD
Status: Awaiting Analysis
Published: 2024-11-06T15:15:20.187
Modified: 2024-11-06T18:17:17.287
Link: CVE-2024-6861
Redhat