Vulnerability-Lookup

GHSA-GVVP-XFG4-2FR6

Vulnerability from github – Published: 2026-02-27 09:30 – Updated: 2026-02-27 09:30

Details

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.

Severity ?

5.0 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-9572"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-27T08:17:06Z",
    "severity": "MODERATE"
  },
  "details": "n authorization flaw in Foreman\u0027s GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.",
  "id": "GHSA-gvvp-xfg4-2fr6",
  "modified": "2026-02-27T09:30:29Z",
  "published": "2026-02-27T09:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9572"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:21886"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:21893"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:21894"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:21897"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-9572"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391715"
    },
    {
      "type": "WEB",
      "url": "https://theforeman.org/security.html#2025-9572"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2025-9572 (GCVE-0-2025-9572)

Vulnerability from cvelistv5 – Published: 2026-02-27 07:28 – Updated: 2026-02-27 18:42

Title

Foreman: satellite: graphql api permission bypass leads to information disclosure

Summary

Severity ?

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:21886	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:21893	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:21894	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:21897	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-9572	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2391715	issue-trackingx_refsource_REDHAT
	https://theforeman.org/security.html#2025-9572

Impacted products

Vendor

Product

Version

The Foreman

Foreman

Affected: 1.22.0 , < 3.16.2 (semver)

Red Hat	Red Hat Satellite 6.15 for RHEL 8	Unaffected: 0:3.9.1.14-1.el8sat , < * (rpm) cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_utils:6.15::el8 cpe:/a:redhat:satellite_capsule:6.15::el8
Red Hat	Red Hat Satellite 6.15 for RHEL 8	Unaffected: 0:6.15.5.7-1.el8sat , < * (rpm) cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_utils:6.15::el8 cpe:/a:redhat:satellite_capsule:6.15::el8
Red Hat	Red Hat Satellite 6.16 for RHEL 8	Unaffected: 0:3.12.0.12-1.el8sat , < * (rpm) cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8
Red Hat	Red Hat Satellite 6.16 for RHEL 8	Unaffected: 0:6.16.5.6-1.el8sat , < * (rpm) cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8
Red Hat	Red Hat Satellite 6.16 for RHEL 9	Unaffected: 0:3.12.0.12-1.el9sat , < * (rpm) cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8
Red Hat	Red Hat Satellite 6.16 for RHEL 9	Unaffected: 0:6.16.5.6-1.el9sat , < * (rpm) cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8
Red Hat	Red Hat Satellite 6.17 for RHEL 9	Unaffected: 0:3.14.0.11-1.el9sat , < * (rpm) cpe:/a:redhat:satellite_capsule:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_utils:6.17::el9
Red Hat	Red Hat Satellite 6.18 for RHEL 9	Unaffected: 0:3.16.0.7-1.el9sat , < * (rpm) cpe:/a:redhat:satellite_capsule:6.18::el9 cpe:/a:redhat:satellite_utils:6.18::el9 cpe:/a:redhat:satellite:6.18::el9
Red Hat	Red Hat Satellite 6.18 for RHEL 9	Unaffected: 0:4.18.0.4-1.el9sat , < * (rpm) cpe:/a:redhat:satellite_capsule:6.18::el9 cpe:/a:redhat:satellite_utils:6.18::el9 cpe:/a:redhat:satellite:6.18::el9
Red Hat	Red Hat Satellite 6.18 for RHEL 9	Unaffected: 0:6.18.1-1.el9sat , < * (rpm) cpe:/a:redhat:satellite_capsule:6.18::el9 cpe:/a:redhat:satellite_utils:6.18::el9 cpe:/a:redhat:satellite:6.18::el9

Credits

Red Hat would like to thank Ohad Levy (Redhat) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9572",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T18:42:27.523966Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-27T18:42:37.881Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/theforeman/foreman",
          "defaultStatus": "unaffected",
          "packageName": "foreman",
          "product": "Foreman",
          "vendor": "The Foreman",
          "versions": [
            {
              "lessThan": "3.16.2",
              "status": "affected",
              "version": "1.22.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_utils:6.15::el8",
            "cpe:/a:redhat:satellite_capsule:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.9.1.14-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_utils:6.15::el8",
            "cpe:/a:redhat:satellite_capsule:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "satellite",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.15.5.7-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.16 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.12.0.12-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "satellite",
          "product": "Red Hat Satellite 6.16 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.16.5.6-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.16 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.12.0.12-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "satellite",
          "product": "Red Hat Satellite 6.16 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.16.5.6-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.17::el9",
            "cpe:/a:redhat:satellite:6.17::el9",
            "cpe:/a:redhat:satellite_utils:6.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.17 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.14.0.11-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.18::el9",
            "cpe:/a:redhat:satellite_utils:6.18::el9",
            "cpe:/a:redhat:satellite:6.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.18 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.16.0.7-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.18::el9",
            "cpe:/a:redhat:satellite_utils:6.18::el9",
            "cpe:/a:redhat:satellite:6.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rubygem-katello",
          "product": "Red Hat Satellite 6.18 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0.4-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.18::el9",
            "cpe:/a:redhat:satellite_utils:6.18::el9",
            "cpe:/a:redhat:satellite:6.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "satellite",
          "product": "Red Hat Satellite 6.18 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.18.1-1.el9sat",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Ohad Levy (Redhat) for reporting this issue."
        }
      ],
      "datePublic": "2025-08-29T06:12:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "n authorization flaw in Foreman\u0027s GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-27T07:28:44.391Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:21886",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21886"
        },
        {
          "name": "RHSA-2025:21893",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21893"
        },
        {
          "name": "RHSA-2025:21894",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21894"
        },
        {
          "name": "RHSA-2025:21897",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21897"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-9572"
        },
        {
          "name": "RHBZ#2391715",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391715"
        },
        {
          "url": "https://theforeman.org/security.html#2025-9572"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-29T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-08-29T06:12:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Foreman: satellite: graphql api permission bypass leads to information disclosure",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-9572",
    "datePublished": "2026-02-27T07:28:44.391Z",
    "dateReserved": "2025-08-28T08:47:45.693Z",
    "dateUpdated": "2026-02-27T18:42:37.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-GVVP-XFG4-2FR6

CVE-2025-9572 (GCVE-0-2025-9572)

Tags

Sightings

Nomenclature