{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T12:47:48.077","vulnerabilities":[{"cve":{"id":"CVE-2024-6861","sourceIdentifier":"secalert@redhat.com","published":"2024-11-06T15:15:20.187","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API."},{"lang":"es","value":"Se encontró una falla de divulgación de información confidencial en Foreman a través de la API GraphQL. Si la función de introspección está habilitada, los atacantes pueden recuperar claves de autenticación de administrador confidenciales, lo que podría comprometer la API de todo el producto."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2022:8506","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-6861","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2317450","source":"secalert@redhat.com"},{"url":"https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2","source":"secalert@redhat.com"},{"url":"https://projects.theforeman.org/issues/34328","source":"secalert@redhat.com"}]}}]}