Wed, 06 Nov 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat satellite Maintenance | |
CPEs | cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el9 | |
Vendors & Products | Redhat satellite Maintenance | |
References | |
Mon, 23 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | ssvc |
Thu, 19 Sep 2024 06:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | cvssV3_1 | cvssV3_1 |
Wed, 18 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | ssvc |
Thu, 05 Sep 2024 22:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:redhat:satellite:6.13:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:6.14:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:6.15:*:*:*:*:*:*:* |
Wed, 04 Sep 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat satellite Capsule, Redhat satellite Utils | |
CPEs | cpe:/a:redhat:satellite:6.13::el8 cpe:/a:redhat:satellite:6.14::el8 cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_capsule:6.13::el8 cpe:/a:redhat:satellite_capsule:6.14::el8 cpe:/a:redhat:satellite_capsule:6.15::el8 cpe:/a:redhat:satellite_utils:6.13::el8 cpe:/a:redhat:satellite_utils:6.14::el8 cpe:/a:redhat:satellite_utils:6.15::el8 | |
Vendors & Products | Redhat satellite Capsule, Redhat satellite Utils | |
References | | |
Metrics | threat_severity | threat_severity |
Wed, 04 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | cvssV3_1 | ssvc |
Wed, 04 Sep 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An authentication bypass vulnerability has been identified in Foreman when deployed with Gunicorn versions prior to 22.0, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access. | An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access. |
Wed, 04 Sep 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An authentication bypass vulnerability has been identified in Foreman when deployed with Gunicorn versions prior to 22.0, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access. | |
Title | Puppet-foreman: an authentication bypass vulnerability exists in foreman | |
First Time appeared | Redhat, Redhat satellite | |
Weaknesses | CWE-287 | |
CPEs | cpe:/a:redhat:satellite:6 | |
Vendors & Products | Redhat, Redhat satellite | |
References | | |
Metrics | cvssV3_1 |
Status: PUBLISHED
Assigner: redhat
Published: 2024-09-04T13:41:17.877Z
Updated: 2024-11-24T18:50:52.716Z
Reserved: 2024-07-23T05:02:30.865Z
Link: CVE-2024-7012
Updated: 2024-09-04T14:18:58.584Z
Status: Modified
Published: 2024-09-04T14:15:14.570
Modified: 2024-11-06T09:15:04.187
Link: CVE-2024-7012