ALT-PU-2025-4484-5

Update of the foreman package in branch c9f2

Version: 1.24.3.6-alt0.1
Task: #378456
Published: 2025-03-26
Max. severity: MEDIUM

Fixed issues (2)

CVE-2022-4130
MEDIUM 4.5

A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.

Published: 2022-12-16 | Modified: 2025-04-14
CVSS 3.x: MEDIUM 4.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
CVE-2024-8553
MEDIUM 6.3

A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.

Published: 2024-10-31 | Modified: 2026-04-15
CVSS 3.x: MEDIUM 6.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L