CVE-2024-8553
MEDIUM
Red Hat Satellite 6.13-6.16 - Authenticated Sensitive Information Exposure via Foreman Loader Macros
Title source: llm
Description
A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.
References (6)
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:8717
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:8718
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:8719
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:8906
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-8553
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2312524
Scores
CVSS v3
6.3
EPSS
0.0015
EPSS Percentile
34.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (5)
Red Hat/Red Hat Satellite 6.13 for RHEL 8
0:3.5.1.25-1.el8sat
Red Hat/Red Hat Satellite 6.14 for RHEL 8
0:3.7.0.14-1.el8sat
Red Hat/Red Hat Satellite 6.15 for RHEL 8
0:3.9.1.11-1.el8sat
Red Hat/Red Hat Satellite 6.16 for RHEL 8
0:3.12.0.1-1.el8sat
Red Hat/Red Hat Satellite 6.16 for RHEL 9
0:3.12.0.1-1.el9sat
Published
Oct 31, 2024
Tracked Since
Feb 18, 2026