CVE-2025-9572 PUBLISHED

Foreman: satellite: graphql api permission bypass leads to information disclosure

Assigner: redhat
Reserved: 28.08.2025
Published: 27.02.2026
Updated: 27.02.2026

An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply the same permission-based filtering to the records it returns, leading to an authorization bypass.
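The pattern the description refers to, two API paths over one collection where only one applies the caller's permission scope, illustrated as an added Ruby example that is not Foreman or Satellite code. Every name, record and permission here is constructed for the illustration; the point is that the GraphQL resolver must go through the same authorization scope as the REST handler, and that a reviewer can check the two paths against each other.

```ruby
# Added example, not Foreman or Satellite code: one host collection exposed
# through a REST-style handler and a GraphQL-style resolver. All names and
# data are constructed for illustration.

User = Struct.new(:login, :org_ids, :permissions)
Host = Struct.new(:name, :org_id, :comment)

# Constructed inventory: hosts spread over two organizations.
HOSTS = [
  Host.new("web01.example.test", 1, "public web tier"),
  Host.new("db01.example.test",  1, "contains billing data"),
  Host.new("hr01.example.test",  2, "HR records host"),
].freeze

# Single authorization scope: the one place that decides what a caller may see.
# Both API paths should go through it.
def authorized_hosts(user)
  return [] unless user.permissions.include?(:view_hosts)
  HOSTS.select { |h| user.org_ids.include?(h.org_id) }
end

# REST-style handler: filters through the shared scope (the advisory says the
# REST API enforces access controls correctly).
def rest_hosts(user)
  authorized_hosts(user).map { |h| { name: h.name, comment: h.comment } }
end

# GraphQL-style resolver, vulnerable pattern: resolves the raw collection and
# never consults the scope, so every record is returned to any authenticated
# caller regardless of organization or permission.
def graphql_hosts_unscoped(_user)
  HOSTS.map { |h| { name: h.name, comment: h.comment } }
end

# GraphQL-style resolver, fixed: reuses exactly the scope the REST path uses.
def graphql_hosts(user)
  authorized_hosts(user).map { |h| { name: h.name, comment: h.comment } }
end

# Consistency check a reviewer or test suite can run: for the same caller,
# every API path must expose the same set of records.
def apis_consistent?(user)
  rest_hosts(user).map { |r| r[:name] } == graphql_hosts(user).map { |r| r[:name] }
end

if __FILE__ == $0
  limited = User.new("auditor", [1], [:view_hosts])
  puts "REST:               #{rest_hosts(limited).map { |r| r[:name] }}"
  puts "GraphQL (unscoped): #{graphql_hosts_unscoped(limited).map { |r| r[:name] }}"
  puts "GraphQL (scoped):   #{graphql_hosts(limited).map { |r| r[:name] }}"
end
```

The design choice worth copying is the single `authorized_hosts` scope: when each API surface filters on its own, a new surface such as GraphQL can silently ship without any filter, which is the class of defect this advisory describes. A test like `apis_consistent?` run against a low-privilege account catches that divergence before release.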

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVSS Score: 5

Product Status

Vendor The Foreman
Product Foreman
Versions Default: unaffected
  • affected from 1.22.0 to 3.16.2 (excl.)
Vendor Red Hat
Product Red Hat Satellite 6.15 for RHEL 8
Versions Default: affected
  • unaffected from 0:3.9.1.14-1.el8sat to * (excl.)
Vendor Red Hat
Product Red Hat Satellite 6.15 for RHEL 8
Versions Default: affected
  • unaffected from 0:6.15.5.7-1.el8sat to * (excl.)
Vendor Red Hat
Product Red Hat Satellite 6.16 for RHEL 8
Versions Default: affected
  • unaffected from 0:3.12.0.12-1.el8sat to * (excl.)
Vendor Red Hat
Product Red Hat Satellite 6.16 for RHEL 8
Versions Default: affected
  • unaffected from 0:6.16.5.6-1.el8sat to * (excl.)
Vendor Red Hat
Product Red Hat Satellite 6.16 for RHEL 9
Versions Default: affected
  • unaffected from 0:3.12.0.12-1.el9sat to * (excl.)
Vendor Red Hat
Product Red Hat Satellite 6.16 for RHEL 9
Versions Default: affected
  • unaffected from 0:6.16.5.6-1.el9sat to * (excl.)
Vendor Red Hat
Product Red Hat Satellite 6.17 for RHEL 9
Versions Default: affected
  • unaffected from 0:3.14.0.11-1.el9sat to * (excl.)
Vendor Red Hat
Product Red Hat Satellite 6.18 for RHEL 9
Versions Default: affected
  • unaffected from 0:3.16.0.7-1.el9sat to * (excl.)
Vendor Red Hat
Product Red Hat Satellite 6.18 for RHEL 9
Versions Default: affected
  • unaffected from 0:4.18.0.4-1.el9sat to * (excl.)
Vendor Red Hat
Product Red Hat Satellite 6.18 for RHEL 9
Versions Default: affected
  • unaffected from 0:6.18.1-1.el9sat to * (excl.)

Workarounds

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Credits

  • Red Hat would like to thank Ohad Levy (Redhat) for reporting this issue.

References

Problem Types

  • Exposure of Sensitive Information to an Unauthorized Actor CWE