Fedora Account System
Red Hat Associate
Red Hat Customer
Summary: A cross-tenant information disclosure flaw was found in Foreman. The taxonomy_scope controller method does not validate organization and location IDs from nested request parameters against the current user's taxonomy memberships, bypassing the existing set_taxonomy authorization check. This flaw allows an authenticated user with host-edit permissions to leak infrastructure metadata such as subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs from organizations and locations they do not belong to. Requirements to exploit: Authenticated Foreman account with create_hosts or edit_hosts permission (or equivalent hostgroup permissions) in at least one organization. Attacker crafts a single HTTP request with a valid own-org ID at the top level and a foreign org ID in nested params.
This issue has been addressed in the following products: Red Hat Satellite 6.17 for RHEL 9 Via RHSA-2026:34366 https://access.redhat.com/errata/RHSA-2026:34366
This issue has been addressed in the following products: Red Hat Satellite 6.18 for RHEL 9 Via RHSA-2026:34368 https://access.redhat.com/errata/RHSA-2026:34368
This issue has been addressed in the following products: Red Hat Satellite 6.16 for RHEL 8 Red Hat Satellite 6.16 for RHEL 9 Via RHSA-2026:34367 https://access.redhat.com/errata/RHSA-2026:34367