Home > Vulnerability Database > CVE-2024-6861

Mend.io Vulnerability Database

CVE-2024-6861

Good to know:

Date: November 6, 2024

A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.

Language: Ruby

Severity Score

7.5

Related Resources (7)

Url: https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2

Url: https://projects.theforeman.org/issues/34328

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6861

Url: https://access.redhat.com/errata/RHSA-2022:8506

Url: https://access.redhat.com/security/cve/CVE-2024-6861

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2317450

Url: https://www.mend.io/vulnerability-database/CVE-2024-6861

Severity Score

7.5

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version 3.3.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6861

Good to know:

Date: November 6, 2024

Language: Ruby

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?