CVE-2024-6861 — Vulnetix

CVE-2024-6861 PUBLISHED CVSS 7.5 HIGH

A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.

EPSS 0.41% · 61.8th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.41%

61.8th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Satellite 6
Red Hat	Red Hat Satellite 6
		0
Red Hat	Red Hat Satellite 6.12 for RHEL 8	0:3.3.0.17-1.el8sat
Red Hat	Red Hat Satellite 6

Exploit Intelligence

CIRCL seen: CVE-2024-6861 (circl-sighting)
RHSA-2022:8506 (circl)
https://access.redhat.com/security/cve/CVE-2024-6861 (circl)
RHBZ#2317450 (circl)
https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2 (circl)
https://projects.theforeman.org/issues/34328 (circl)

Timeline

Nov 6, 2024 Coalition ESS Score
Nov 6, 2024 CVE Published
Nov 6, 2024 PoC Published
Nov 7, 2024 EPSS Score
Nov 25, 2024 EPSS Score
Dec 14, 2024 EPSS Score
Jan 1, 2025 EPSS Score
Jan 18, 2025 EPSS Score
Feb 5, 2025 EPSS Score
Feb 23, 2025 EPSS Score
Feb 26, 2025 Coalition ESS Score
Mar 13, 2025 EPSS Score

References

RHSA-2022:8506 vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-6861 vdb
RHBZ#2317450 issue
https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2 url
https://projects.theforeman.org/issues/34328 url
https://nvd.nist.gov/vuln/detail/CVE-2024-6861 advisory

Open in Interactive Console →