Bug #37978: Fix CVE-2024-8553 - Foreman

Actions

Copy link

Bug #37978

closed

Fix CVE-2024-8553

Added by Adam Ruzicka about 2 months ago. Updated about 1 month ago.

Status:

Closed

Priority:

Normal

Assignee:

Adam Ruzicka

Category:

Templates

Target version:

3.12.1

Difficulty:

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman/pull/10367, https://github.com/theforeman/foreman/pull/10379

Fixed in Releases:

3.12.1, 3.13.0

Found in Releases:

Red Hat JIRA:

Description

CVE¹ description:
A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.

[1] - https://nvd.nist.gov/vuln/detail/CVE-2024-8553

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Bug #37978

Fix CVE-2024-8553

Updated by The Foreman Bot about 2 months ago

Updated by The Foreman Bot about 2 months ago

Updated by Adam Ruzicka about 2 months ago

Updated by Ewoud Kohl van Wijngaarden about 1 month ago

Updated by The Foreman Bot about 1 month ago

Updated by The Foreman Bot about 1 month ago