6.5
CVE-2025-9572
- EPSS 0.01%
- Veröffentlicht 27.02.2026 07:28:44
- Zuletzt bearbeitet 24.03.2026 12:16:12
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Foreman: satellite: graphql api permission bypass leads to information disclosure
n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Theforeman ≫ Foreman Version >= 1.22.0 < 3.16.2
Redhat ≫ Satellite Capsule Version6.15
Redhat ≫ Satellite Capsule Version6.16
Redhat ≫ Satellite Capsule Version6.17
Redhat ≫ Satellite Capsule Version6.18
Redhat ≫ Enterprise Linux Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.023 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| secalert@redhat.com | 5 | 3.1 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.