Project

General

Profile

Actions

Bug #37978

closed

Fix CVE-2024-8553

Added by Adam Ruzicka about 2 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Templates
Target version:
Fixed in Releases:
Found in Releases:

Description

CVE1 description:
A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.

[1] - https://nvd.nist.gov/vuln/detail/CVE-2024-8553

Actions #1

Updated by The Foreman Bot about 2 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/10367 added
Actions #2

Updated by The Foreman Bot about 2 months ago

  • Fixed in Releases 3.13.0 added
Actions #3

Updated by Adam Ruzicka about 2 months ago

  • Status changed from Ready For Testing to Closed
Actions #4

Updated by Ewoud Kohl van Wijngaarden about 2 months ago

  • Target version set to 3.12.1
Actions #5

Updated by The Foreman Bot about 1 month ago

  • Pull request https://github.com/theforeman/foreman/pull/10379 added
Actions #6

Updated by The Foreman Bot about 1 month ago

  • Fixed in Releases 3.12.1 added
Actions

Also available in: Atom PDF