CVE-2024-6861

🗓️ 06 Nov 2024 14:54:51Reported by redhatType

Disclosure of sensitive information in Foreman GraphQL AP

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-6861	6 Nov 202414:59	–	circl
CNNVD	Foreman 信息泄露漏洞	9 Oct 202400:00	–	cnnvd
Cvelist	CVE-2024-6861 Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api	6 Nov 202414:54	–	cvelist
EUVD	EUVD-2024-47859	3 Oct 202520:07	–	euvd
NVD	CVE-2024-6861	6 Nov 202415:15	–	nvd
OSV	RHSA-2022:8506 Red Hat Security Advisory: Satellite 6.12 Release	29 Sep 202419:10	–	osv
Positive Technologies	PT-2024-37910 · Foreman · Foreman	6 Nov 202400:00	–	ptsecurity
Tenable Nessus	RHEL 8 : Satellite 6.12 Release (Important) (RHSA-2022:8506)	28 Apr 202400:00	–	nessus
RedhatCVE	CVE-2024-6861	9 Oct 202401:12	–	redhatcve
RedHat Linux	Important: Red Hat Security Advisory: Satellite 6.12 Release	16 Nov 202215:09	–	redhat

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "3.3",
        "versionType": "semver"
      }
    ],
    "packageName": "foreman",
    "collectionURL": "https://theforeman.org/",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6.12 for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "foreman",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.3.0.17-1.el8sat",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:satellite_maintenance:6.12::el8",
      "cpe:/a:redhat:satellite_utils:6.12::el8",
      "cpe:/a:redhat:satellite_capsule:6.12::el8",
      "cpe:/a:redhat:satellite:6.12::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "satellite-capsule:el8/foreman",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:satellite:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "satellite:el8/foreman",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:satellite:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "satellite-utils:el8/foreman",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:satellite:6"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
docs	www.docs.theforeman.org/3.3/Release_Notes/index-katello.html
projects	www.projects.theforeman.org/issues/34328
access	www.access.redhat.com/errata/RHSA-2022:8506
access	www.access.redhat.com/security/cve/CVE-2024-6861

17 Jun 2026 08:18Current

7.5High risk

Vulners AI Score7.5

CVSS 3.17.5

EPSS0.00658

SSVC

CWE-200