CVE-2024-6861

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 6, 2024
CWE ID 200

Summary

CVE-2024-6861 is a vulnerability affecting the Foreman configuration management tool. If the GraphQL API's introspection feature is enabled, attackers can exploit a disclosure of sensitive information issue to retrieve admin authentication keys. Successful exploitation of this vulnerability could lead to a complete compromise of the API and potential unauthorized access to the product's configuration and management functionalities. Organizations using Foreman are advised to disable the introspection feature to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share