CVE-2024-6861

HIGH

Red Hat Satellite 6.12 for RHEL 8 - Exposure of Sensitive Information via GraphQL API Introspection

Title source: llm

Description

A disclosure of sensitive information flaw was found in Foreman via the GraphQL API. If the introspection feature is enabled, an attacker can retrieve sensitive admin authentication keys, which could result in a compromise of the entire product's API.

References (5)

Vendor Advisory (Red Hat errata): https://access.redhat.com/errata/RHSA-2022:8506
Vendor Advisory (Red Hat CVE database entry): https://access.redhat.com/security/cve/CVE-2024-6861
Issue Tracking (Red Hat Bugzilla): https://bugzilla.redhat.com/show_bug.cgi?id=2317450

Scores

CVSS v3 7.5
EPSS 0.0041
EPSS Percentile 61.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-200
Status published
Products (2)
Red Hat/Red Hat Satellite 6
Red Hat/Red Hat Satellite 6.12 for RHEL 8 0:3.3.0.17-1.el8sat
Published Nov 06, 2024
Tracked Since Feb 18, 2026