
{
"id": "CVE-2024-8553",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-10-31T15:15:17.243",
"lastModified": "2024-11-06T09:15:04.370",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en las macros de carga de Foreman introducidas con las plantillas de informes. Estas macros pueden permitir que un usuario autenticado con permisos para ver y crear plantillas lea cualquier campo de la base de datos de Foreman. Al usar cadenas espec\u00edficas en las macros de carga, los usuarios pueden omitir los permisos y acceder a informaci\u00f3n confidencial."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:8717",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:8718",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:8719",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:8906",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-8553",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312524",
"source": "secalert@redhat.com"
}
]
}