CVE-2024-6861

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 6, 2024

CWE ID 200

Summary

CVE-2024-6861 is a vulnerability affecting the Foreman configuration management tool. If the GraphQL API's introspection feature is enabled, attackers can exploit a disclosure of sensitive information issue to retrieve admin authentication keys. Successful exploitation of this vulnerability could lead to a complete compromise of the API and potential unauthorized access to the product's configuration and management functionalities. Organizations using Foreman are advised to disable the introspection feature to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Foreman

Affected Vendors

Foreman

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xE-IWh
https://www.cve.org/CVERecord?id=CVE-2024-6861
https://nvd.nist.gov/vuln/detail/CVE-2024-6861

Back to Vulnerability Database