Vulnerability CVE-2024-8553: Information

Description

A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.

Severity: MEDIUM (6.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
URL: https://nvd.nist.gov/vuln/detail/CVE-2024-8553
Published: Oct. 31, 2024
Modified: Nov. 6, 2024
Error type identifier: CWE-200

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
foremansisyphus3.13.0-alt13.13.0-alt2ALT-PU-2025-2399-1358785Fixed
foremansisyphus_e2k3.13.0-alt23.13.0-alt2ALT-PU-2025-4895-1-Fixed
foremansisyphus_loongarch643.13.0-alt23.13.0-alt2ALT-PU-2025-2469-1-Fixed
foremanp113.13.0-alt23.13.0-alt2ALT-PU-2025-3716-3374139Fixed
foremanc9f21.24.3.6-alt0.11.24.3.6-alt0.1ALT-PU-2025-4484-5378456Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://access.redhat.com/errata/RHSA-2024:8717
    https://access.redhat.com/errata/RHSA-2024:8718
      https://access.redhat.com/errata/RHSA-2024:8719
        https://access.redhat.com/errata/RHSA-2024:8906
          https://access.redhat.com/security/cve/CVE-2024-8553
            https://bugzilla.redhat.com/show_bug.cgi?id=2312524
              VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
              Version: v26.2.2
              Back to top