Medium severity6.3NVD Advisory· Published Oct 31, 2024· Updated Apr 15, 2026

CVE-2024-8553

Description

A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.

Affected products

RubyGems/Foremaninferred
Package: https://rubygems.org/gems/foreman

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2024:8717nvd
access.redhat.com/errata/RHSA-2024:8718nvd
access.redhat.com/errata/RHSA-2024:8719nvd
access.redhat.com/errata/RHSA-2024:8906nvd
access.redhat.com/security/cve/CVE-2024-8553nvd
bugzilla.redhat.com/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000