Overview
- Description: A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.
- Source: secalert@redhat.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
Weaknesses
- secalert@redhat.com: CWE-200
Social media
- Hype score: Not currently trending
CVE-2024-6861 Sensitive Information Disclosure via GraphQL API in Foreman A sensitive information leak was found in foreman through the GraphQL API. If the introspection feature is on, attackers can access sensit... https://t.co/RZ0b0r8NWO
@VulmonFeeds
7 Nov 2024
CVE-2024-6861 A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve s… https://t.co/ZPim7CZm8O
@CVEnew
6 Nov 2024