{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-13316", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-06-25T07:46:22.379Z", "datePublished": "2026-06-30T09:53:03.409Z", "dateUpdated": "2026-06-30T13:16:44.600Z"}, "containers": {"cna": {"title": "Foreman: ssrf to cloud metada service through unvalidated test_url parameters in foreman config", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Satellite 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:satellite:6"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "satellite-utils:el8/foreman", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:satellite:6"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-13316", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490345", "name": "RHBZ#2490345", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-06-18T12:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2026-06-18T12:51:36.648Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-18T12:00:00.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-30T09:53:03.409Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-30T13:16:34.459169Z", "id": "CVE-2026-13316", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-30T13:16:44.600Z"}}]}}

{}

{}

{"bugzilla": {"description": "Foreman: SSRF to cloud metada service through unvalidated test_url parameters in Foreman config", "id": "2490345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490345"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-918", "details": ["A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-13316", "package_state": [{"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Fix deferred", "package_name": "foreman", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Fix deferred", "package_name": "satellite-utils:el8/foreman", "product_name": "Red Hat Satellite 6"}], "public_date": "2026-06-18T12:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-13316\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-13316"], "statement": "Red Hat Product Security has assessed that this issue is not exploitable under the default configuration. Exploitation requires an attacker with sufficient privileges on the host where Foreman is installed to modify the relevant configuration files and to trigger the Server-Side Request Forgery (SSRF) condition.", "threat_severity": "Moderate"}

{"created": "2026-06-30T11:30:04.327756+00:00", "updated": "2026-06-30T11:30:04.327762+00:00", "vendors": []}