An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.
History

Wed, 06 Nov 2024 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat satellite Maintenance
CPEs cpe:/a:redhat:satellite:6.16::el8
cpe:/a:redhat:satellite:6.16::el9
cpe:/a:redhat:satellite_capsule:6.16::el8
cpe:/a:redhat:satellite_capsule:6.16::el9
cpe:/a:redhat:satellite_maintenance:6.16::el8
cpe:/a:redhat:satellite_maintenance:6.16::el9
cpe:/a:redhat:satellite_utils:6.16::el8
cpe:/a:redhat:satellite_utils:6.16::el9
Vendors & Products Redhat satellite Maintenance
References

Mon, 23 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Sep 2024 06:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 18 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 05 Sep 2024 22:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:redhat:satellite:6.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.15:*:*:*:*:*:*:*

Wed, 04 Sep 2024 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat satellite Capsule
Redhat satellite Utils
CPEs cpe:/a:redhat:satellite:6 cpe:/a:redhat:satellite:6.13::el8
cpe:/a:redhat:satellite:6.14::el8
cpe:/a:redhat:satellite:6.15::el8
cpe:/a:redhat:satellite_capsule:6.13::el8
cpe:/a:redhat:satellite_capsule:6.14::el8
cpe:/a:redhat:satellite_capsule:6.15::el8
cpe:/a:redhat:satellite_utils:6.13::el8
cpe:/a:redhat:satellite_utils:6.14::el8
cpe:/a:redhat:satellite_utils:6.15::el8
Vendors & Products Redhat satellite Capsule
Redhat satellite Utils
References
Metrics threat_severity

None

threat_severity

Critical


Wed, 04 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 04 Sep 2024 15:00:00 +0000

Type Values Removed Values Added
Description An authentication bypass vulnerability has been identified in Foreman when deployed with Gunicorn versions prior to 22.0, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access. An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.

Wed, 04 Sep 2024 13:45:00 +0000

Type Values Removed Values Added
Description An authentication bypass vulnerability has been identified in Foreman when deployed with Gunicorn versions prior to 22.0, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.
Title Puppet-foreman: an authentication bypass vulnerability exists in foreman
First Time appeared Redhat
Redhat satellite
Weaknesses CWE-287
CPEs cpe:/a:redhat:satellite:6
Vendors & Products Redhat
Redhat satellite
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-09-04T13:41:17.877Z

Updated: 2024-11-24T18:50:52.716Z

Reserved: 2024-07-23T05:02:30.865Z

Link: CVE-2024-7012

cve-icon Vulnrichment

Updated: 2024-09-04T14:18:58.584Z

cve-icon NVD

Status : Modified

Published: 2024-09-04T14:15:14.570

Modified: 2024-11-06T09:15:04.187

Link: CVE-2024-7012

cve-icon Redhat

Severity : Critical

Publid Date: 2024-09-04T13:14:02Z

Links: CVE-2024-7012 - Bugzilla