Overview
- Description: A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.
- Source: secalert@redhat.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 6.3
- Impact score: 3.4
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Severity: MEDIUM
Weaknesses
- secalert@redhat.com: CWE-200
Social media
- Hype score: Not currently trending
CVE-2024-8553 Database Field Exposure via Loader Macros in Foreman Report Templates A vulnerability is present in Foreman's loader macros that are used with report templates. This issue might let a user, who is a... https://t.co/7YxAvH8UNb
@VulmonFeeds
31 Oct 2024
CVE-2024-8553 A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create … https://t.co/E7apZrwhfN
@CVEnew
31 Oct 2024