Impact
A flaw in Foreman's taxonomy_scope controller allows an authenticated user who holds host‑edit permissions to read sensitive infrastructure metadata from organizations and locations that are not normally accessible to them. The vulnerability arises because organization and location identifiers supplied within nested request parameters are not properly validated, so the existing authorization checks are bypassed. The exposed data includes subnet topology, IP ranges, gateways, DNS servers, and operational details to privileged, but otherwise restricted, users.
Affected Systems
This issue affects Red Hat Satellite 6 deployments. The specific versions impacted are not listed in the available data, but any installation of Satellite 6 that includes Foreman without the patch can be vulnerable. Users should check the component version to confirm exposure.
Risk and Exploitability
The CVSS score of 4.3 indicates a moderate severity, and the vulnerability does not appear in CISA’s KEV catalog. EPSS data is not available, which suggests there is no publicly known exploitation activity, though the attack path requires legitimate user credentials with host‑edit rights. If an attacker gains such credentials, they can obtain non‑confidential metadata that could aid further attacks or breach organizational boundaries.
OpenCVE Enrichment