High severity7.5NVD Advisory· Published Nov 6, 2024· Updated Apr 15, 2026

CVE-2024-6861

Description

A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2022:8506nvd
access.redhat.com/security/cve/CVE-2024-6861nvd
bugzilla.redhat.com/show_bug.cginvd
docs.theforeman.org/3.3/Release_Notes/index-katello.htmlnvd
projects.theforeman.org/issues/34328nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000