Project

General

Profile

Actions
Copy link

Bug #37978

closed

Fix CVE-2024-8553

Added by Adam Ruzicka about 2 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
Adam Ruzicka
Category:
Templates
Target version:
3.12.1
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/10367, https://github.com/theforeman/foreman/pull/10379
Fixed in Releases:
3.12.1, 3.13.0
Found in Releases:
Red Hat JIRA:

Description

CVE1 description:
A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.

[1] - https://nvd.nist.gov/vuln/detail/CVE-2024-8553

Actions
Copy link
 #1

Updated by The Foreman Bot about 2 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/10367 added
Actions
Copy link
 #2

Updated by The Foreman Bot about 2 months ago

  • Fixed in Releases 3.13.0 added
Actions
Copy link
 #3

Updated by Adam Ruzicka about 2 months ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link
 #4

Updated by Ewoud Kohl van Wijngaarden about 2 months ago

  • Target version set to 3.12.1
Actions
Copy link
 #5

Updated by The Foreman Bot about 1 month ago

  • Pull request https://github.com/theforeman/foreman/pull/10379 added
Actions
Copy link
 #6

Updated by The Foreman Bot about 1 month ago

  • Fixed in Releases 3.12.1 added
Actions
Copy link

Also available in: Atom PDF