Description
An authorization flaw in Foreman's GraphQL API allows low-privileged users to read metadata about objects beyond their assigned permissions. The REST API scopes query results to the objects the requesting user is authorized to view; the GraphQL endpoint does not apply the equivalent filtering, so an authenticated user with limited permissions can retrieve information about objects they are not allowed to see. The result is an authorization bypass that exposes data rather than one that allows modification.
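One practical way to confirm or rule out this class of bug on a given instance is a differential check: run the same listing as one low-privileged user through both APIs and report anything GraphQL returns that REST hides. The script below is an added example for this page, not code from the Red Hat advisory or from the Foreman project. It assumes Foreman's REST v2 list endpoints under `/api/v2/<collection>` return a `results` array, that the GraphQL endpoint is `/api/graphql` and exposes Relay-style connections of the form `<collection> { nodes { name } }`, and that HTTP basic authentication is accepted; the sample responses at the bottom are constructed, not captured from a real system.

```python
"""Differential check for REST-vs-GraphQL authorization scoping in Foreman.

Added example, not Foreman's own code. Assumptions: REST v2 list endpoints at
/api/v2/<collection> returning a "results" array; GraphQL at /api/graphql with
Relay-style "<collection> { nodes { name } }" connections; HTTP basic auth.
"""
import base64
import json
import urllib.request


def extract_rest_names(payload: dict) -> set:
    """Collect the "name" of every record in a REST v2 list response."""
    return {row["name"] for row in payload.get("results", [])}


def extract_graphql_names(payload: dict, field: str) -> set:
    """Collect "name" from a GraphQL connection field (hosts, domains, ...)."""
    data = payload.get("data") or {}
    connection = data.get(field) or {}
    return {node["name"] for node in connection.get("nodes", [])}


def excess_exposure(rest_names: set, graphql_names: set) -> set:
    """Objects visible through GraphQL but not through REST for the same user.

    A non-empty result means the GraphQL path is not applying the permission
    scoping that the REST path applies, which is exactly the advisory's symptom.
    """
    return graphql_names - rest_names


def _request(url: str, user: str, password: str, body: dict = None) -> dict:
    """Minimal JSON client using only the standard library (basic auth assumed)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method="POST" if data else "GET")
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("Accept", "application/json")
    if data:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def compare_live(base_url: str, user: str, password: str,
                 collection: str = "hosts", per_page: int = 1000) -> set:
    """Query both APIs as the given (low-privileged) user and return the excess.

    per_page is an assumed parameter used to avoid REST pagination truncating
    the comparison; GraphQL connections can paginate too, so page through both
    sides before drawing conclusions from a large gap.
    """
    rest = _request(f"{base_url}/api/v2/{collection}?per_page={per_page}",
                    user, password)
    query = {"query": "{ %s { nodes { name } } }" % collection}
    gql = _request(f"{base_url}/api/graphql", user, password, query)
    return excess_exposure(extract_rest_names(rest),
                           extract_graphql_names(gql, collection))


# Constructed sample responses (not captured from a real Foreman instance).
# The user's role permits viewing only the two web hosts; REST honours that,
# the unscoped GraphQL response does not.
SAMPLE_REST = {"results": [
    {"id": 3, "name": "web01.example.test"},
    {"id": 4, "name": "web02.example.test"},
]}
SAMPLE_GRAPHQL = {"data": {"hosts": {"nodes": [
    {"name": "web01.example.test"},
    {"name": "web02.example.test"},
    {"name": "db01.example.test"},
    {"name": "vault01.example.test"},
]}}}


def offline_demo() -> set:
    """Apply the comparison to the constructed samples; runs with no network."""
    return excess_exposure(extract_rest_names(SAMPLE_REST),
                           extract_graphql_names(SAMPLE_GRAPHQL, "hosts"))


if __name__ == "__main__":
    print("exposed via GraphQL only:", sorted(offline_demo()))
```

Run `compare_live()` once with an account that holds only a narrow view permission and once after applying the fixed version; the excess set should be non-empty before and empty after. Because the check compares names only, it will not flag cases where GraphQL returns extra fields on objects the user may already see, so extend the selection set if that is the concern on your deployment.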
Problem types
Exposure of Sensitive Information to an Unauthorized Actor
Product status
1.22.0 (semver) before 3.16.2
0:3.9.1.14-1.el8sat (rpm) before *
0:6.15.5.7-1.el8sat (rpm) before *
0:3.12.0.12-1.el8sat (rpm) before *
0:6.16.5.6-1.el8sat (rpm) before *
0:3.12.0.12-1.el9sat (rpm) before *
0:6.16.5.6-1.el9sat (rpm) before *
0:3.14.0.11-1.el9sat (rpm) before *
0:3.16.0.7-1.el9sat (rpm) before *
0:4.18.0.4-1.el9sat (rpm) before *
0:6.18.1-1.el9sat (rpm) before *
Timeline
| 2025-08-29: | Reported to Red Hat. |
| 2025-08-29: | Made public. |
Credits
Red Hat would like to thank Ohad Levy (Redhat) for reporting this issue.
References
access.redhat.com/errata/RHSA-2025:21886 (RHSA-2025:21886)
access.redhat.com/errata/RHSA-2025:21893 (RHSA-2025:21893)
access.redhat.com/errata/RHSA-2025:21894 (RHSA-2025:21894)
access.redhat.com/errata/RHSA-2025:21897 (RHSA-2025:21897)
access.redhat.com/security/cve/CVE-2025-9572
bugzilla.redhat.com/show_bug.cgi?id=2391715 (RHBZ#2391715)