Home > Vulnerability Database > CVE-2024-6861

Mend.io Vulnerability Database

CVE-2024-6861

Date: November 6, 2024

A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.

Language: Ruby

Severity Score

7.5

Related Resources (7)

Url: https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2

Url: https://projects.theforeman.org/issues/34328

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6861

Url: https://access.redhat.com/errata/RHSA-2022:8506

Url: https://access.redhat.com/security/cve/CVE-2024-6861

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2317450

Url: https://www.mend.io/vulnerability-database/CVE-2024-6861

Severity Score

7.5

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6861

Date: November 6, 2024

Language: Ruby

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?