CVE-2024-6861 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-6861 PUBLISHED CVSS 7.5 HIGH

A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.

EPSS 0.17% · 37.5th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.17%

37.5th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Satellite 6
Red Hat	Red Hat Satellite 6
		0
Red Hat	Red Hat Satellite 6.12 for RHEL 8	0:3.3.0.17-1.el8sat
Red Hat	Red Hat Satellite 6

Timeline

Nov 6, 2024 Coalition ESS Score
Nov 6, 2024 CVE Published
Nov 6, 2024 PoC Published
Nov 7, 2024 EPSS Score
Nov 24, 2024 EPSS Score
Dec 13, 2024 EPSS Score
Dec 30, 2024 EPSS Score
Jan 16, 2025 EPSS Score
Feb 3, 2025 EPSS Score
Feb 20, 2025 EPSS Score
Feb 26, 2025 Coalition ESS Score
Mar 9, 2025 EPSS Score

References

RHSA-2022:8506 vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-6861 vdb
RHBZ#2317450 issue
https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2 url
https://projects.theforeman.org/issues/34328 url
https://nvd.nist.gov/vuln/detail/CVE-2024-6861 advisory

Open in Interactive Console →