CVE-2024-7923 - Vulnerability Details

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Redhat	Satellite Satellite Capsule Satellite Maintenance Satellite Utils

Configuration 1 [-]

OR	cpe:2.3:a:redhat:satellite:6.13:::::::*
	cpe:2.3:a:redhat:satellite:6.14:::::::*
	cpe:2.3:a:redhat:satellite:6.15:::::::*

Package	CPE	Advisory	Released Date
Red Hat Satellite 6.13 for RHEL 8
foreman-installer-1:3.5.2.8-1.el8sat	cpe:/a:redhat:satellite:6.13::el8	RHSA-2024:6337	2024-09-04T00:00:00Z
foreman-installer-1:3.5.2.8-1.el8sat	cpe:/a:redhat:satellite_capsule:6.13::el8	RHSA-2024:6337	2024-09-04T00:00:00Z
Red Hat Satellite 6.14 for RHEL 8
foreman-installer-1:3.7.0.8-1.el8sat	cpe:/a:redhat:satellite:6.14::el8	RHSA-2024:6336	2024-09-04T00:00:00Z
foreman-installer-1:3.7.0.8-1.el8sat	cpe:/a:redhat:satellite_capsule:6.14::el8	RHSA-2024:6336	2024-09-04T00:00:00Z
Red Hat Satellite 6.15 for RHEL 8
foreman-installer-1:3.9.3.4-1.el8sat	cpe:/a:redhat:satellite:6.15::el8	RHSA-2024:6335	2024-09-04T00:00:00Z
foreman-installer-1:3.9.3.4-1.el8sat	cpe:/a:redhat:satellite_capsule:6.15::el8	RHSA-2024:6335	2024-09-04T00:00:00Z
Red Hat Satellite 6.16 for RHEL 8
foreman-installer-1:3.12.0.1-1.el8sat	cpe:/a:redhat:satellite:6.16::el8	RHSA-2024:8906	2024-11-05T00:00:00Z
foreman-installer-1:3.12.0.1-1.el8sat	cpe:/a:redhat:satellite_capsule:6.16::el8	RHSA-2024:8906	2024-11-05T00:00:00Z
Red Hat Satellite 6.16 for RHEL 9
foreman-installer-1:3.12.0.1-1.el9sat	cpe:/a:redhat:satellite:6.16::el9	RHSA-2024:8906	2024-11-05T00:00:00Z
foreman-installer-1:3.12.0.1-1.el9sat	cpe:/a:redhat:satellite_capsule:6.16::el9	RHSA-2024:8906	2024-11-05T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:6335
https://access.redhat.com/errata/RHSA-2024:6336
https://access.redhat.com/errata/RHSA-2024:6337
https://access.redhat.com/errata/RHSA-2024:8906
https://access.redhat.com/security/cve/CVE-2024-7923
https://bugzilla.redhat.com/show_bug.cgi?id=2305718
https://nvd.nist.gov/vuln/detail/CVE-2024-7923
https://www.cve.org/CVERecord?id=CVE-2024-7923

History

Sun, 24 Nov 2024 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat satellite Maintenance
CPEs		cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el9
Vendors & Products		Redhat satellite Maintenance
References		https://access.redhat.com/errata/RHSA-2024:8906

Wed, 06 Nov 2024 15:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9

Wed, 18 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 05 Sep 2024 22:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:redhat:satellite:6.13:::::::* cpe:2.3:a:redhat:satellite:6.14:::::::* cpe:2.3:a:redhat:satellite:6.15:::::::*
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Wed, 04 Sep 2024 17:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat satellite Capsule Redhat satellite Utils
CPEs	~~cpe:/a:redhat:satellite:6~~	cpe:/a:redhat:satellite:6.13::el8 cpe:/a:redhat:satellite:6.14::el8 cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_capsule:6.13::el8 cpe:/a:redhat:satellite_capsule:6.14::el8 cpe:/a:redhat:satellite_capsule:6.15::el8 cpe:/a:redhat:satellite_utils:6.13::el8 cpe:/a:redhat:satellite_utils:6.14::el8 cpe:/a:redhat:satellite_utils:6.15::el8
Vendors & Products		Redhat satellite Capsule Redhat satellite Utils
References		https://access.redhat.com/errata/RHSA-2024:6335 https://access.redhat.com/errata/RHSA-2024:6336 https://access.redhat.com/errata/RHSA-2024:6337 https://nvd.nist.gov/vuln/detail/CVE-2024-7923 https://www.cve.org/CVERecord?id=CVE-2024-7923
Metrics	threat_severity `None`	threat_severity `Critical`

Wed, 04 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 04 Sep 2024 15:00:00 +0000

Type	Values Removed	Values Added
Description	An authentication bypass vulnerability has been identified in Foreman when deployed with Gunicorn versions prior to 22.0, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 4.0+ and could potentially enable unauthorized users to gain administrative access.	An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access.
Metrics	cvssV3_0 `{'score': 4.2, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L'}`	cvssV3_0 `{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Wed, 04 Sep 2024 13:45:00 +0000

Type	Values Removed	Values Added
Description		An authentication bypass vulnerability has been identified in Foreman when deployed with Gunicorn versions prior to 22.0, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 4.0+ and could potentially enable unauthorized users to gain administrative access.
Title		Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore
First Time appeared		Redhat Redhat satellite
Weaknesses		CWE-287
CPEs		cpe:/a:redhat:satellite:6
Vendors & Products		Redhat Redhat satellite
References		https://access.redhat.com/security/cve/CVE-2024-7923 https://bugzilla.redhat.com/show_bug.cgi?id=2305718
Metrics		cvssV3_0 `{'score': 4.2, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-09-04T13:41:48.872Z

Updated: 2024-11-24T18:51:01.155Z

Reserved: 2024-08-19T12:40:08.047Z

Link: CVE-2024-7923

Vulnrichment

Updated: 2024-09-04T14:18:25.720Z

NVD

Status : Modified

Published: 2024-09-04T14:15:14.800

Modified: 2024-11-24T19:15:05.933

Link: CVE-2024-7923

Redhat

Severity : Critical

Publid Date: 2024-09-04T13:00:00Z

Links: CVE-2024-7923 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7923", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-08-19T12:40:08.047Z", "datePublished": "2024-09-04T13:41:48.872Z", "dateUpdated": "2024-11-24T18:51:01.155Z"}, "containers": {"cna": {"title": "Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore", "metrics": [{"other": {"content": {"value": "Critical", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "22.0", "versionType": "custom"}], "packageName": "pulpcore", "collectionURL": "https://github.com/theforeman/puppet-pulpcore", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.5.2.8-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite:6.13::el8", "cpe:/a:redhat:satellite_capsule:6.13::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.5.2.8-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite:6.13::el8", "cpe:/a:redhat:satellite_capsule:6.13::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.7.0.8-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8", "cpe:/a:redhat:satellite_capsule:6.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.7.0.8-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8", "cpe:/a:redhat:satellite_capsule:6.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.15 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.9.3.4-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.15 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.9.3.4-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.12.0.1-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.12.0.1-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.12.0.1-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.12.0.1-1.el9sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el8"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:6335", "name": "RHSA-2024:6335", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6336", "name": "RHSA-2024:6336", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6337", "name": "RHSA-2024:6337", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:8906", "name": "RHSA-2024:8906", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-7923", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305718", "name": "RHBZ#2305718", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-09-04T13:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "Improper Authentication", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-287: Improper Authentication", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-08-19T12:36:58.759000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-04T13:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-24T18:51:01.155Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-18T15:28:06.080066Z", "id": "CVE-2024-7923", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T15:29:14.242Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7923", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-18T15:28:06.080066Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T14:18:25.720Z"}}], "cna": {"title": "Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Critical", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "22.0", "versionType": "custom"}], "packageName": "pulpcore", "collectionURL": "https://github.com/theforeman/puppet-pulpcore", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite:6.13::el8", "cpe:/a:redhat:satellite_capsule:6.13::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.5.2.8-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite:6.13::el8", "cpe:/a:redhat:satellite_capsule:6.13::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.5.2.8-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8", "cpe:/a:redhat:satellite_capsule:6.14::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.7.0.8-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8", "cpe:/a:redhat:satellite_capsule:6.14::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.7.0.8-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.15 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.9.3.4-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.15 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.9.3.4-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.12.0.1-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.12.0.1-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 9", "versions": [{"status": "unaffected", "version": "1:3.12.0.1-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.16::el9", "cpe:/a:redhat:satellite:6.16::el8", "cpe:/a:redhat:satellite_capsule:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el8", "cpe:/a:redhat:satellite_maintenance:6.16::el9", "cpe:/a:redhat:satellite_capsule:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el9", "cpe:/a:redhat:satellite_utils:6.16::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.16 for RHEL 9", "versions": [{"status": "unaffected", "version": "1:3.12.0.1-1.el9sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-08-19T12:36:58.759000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-04T13:00:00+00:00", "value": "Made public."}], "datePublic": "2024-09-04T13:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:6335", "name": "RHSA-2024:6335", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6336", "name": "RHSA-2024:6336", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6337", "name": "RHSA-2024:6337", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:8906", "name": "RHSA-2024:8906", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-7923", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305718", "name": "RHBZ#2305718", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "Improper Authentication"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-24T18:51:01.155Z"}, "x_redhatCweChain": "CWE-287: Improper Authentication"}}, "cveMetadata": {"cveId": "CVE-2024-7923", "state": "PUBLISHED", "dateUpdated": "2024-11-24T18:51:01.155Z", "dateReserved": "2024-08-19T12:40:08.047Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-09-04T13:41:48.872Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:6.13:*:*:*:*:*:*:*", "matchCriteriaId": "6532CA36-F59B-40E4-A6F6-0776CC4C3F78", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:6.14:*:*:*:*:*:*:*", "matchCriteriaId": "1CA2D218-9A55-4906-A5B8-5E7C4245370F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:6.15:*:*:*:*:*:*:*", "matchCriteriaId": "1F12DC81-33E9-4693-8636-7A1AD20D5CA1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Pulpcore cuando se implementa con versiones de Gunicorn anteriores a la 22.0, debido a la configuraci\u00f3n puppet-pulpcore. Este problema surge porque mod_proxy de Apache no anula los encabezados correctamente debido a las restricciones sobre los guiones bajos en los encabezados HTTP, lo que permite la autenticaci\u00f3n a trav\u00e9s de un encabezado mal formado. Esta falla afecta a todas las implementaciones de Satellite activas (6.13, 6.14 y 6.15) que utilizan la versi\u00f3n 3.0+ de Pulpcore y podr\u00eda permitir que usuarios no autorizados obtengan acceso administrativo."}], "id": "CVE-2024-7923", "lastModified": "2024-11-24T19:15:05.933", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-04T14:15:14.800", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:6335"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:6336"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:6337"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:8906"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-7923"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305718"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6337", "cpe": "cpe:/a:redhat:satellite:6.13::el8", "package": "foreman-installer-1:3.5.2.8-1.el8sat", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6337", "cpe": "cpe:/a:redhat:satellite_capsule:6.13::el8", "package": "foreman-installer-1:3.5.2.8-1.el8sat", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6336", "cpe": "cpe:/a:redhat:satellite:6.14::el8", "package": "foreman-installer-1:3.7.0.8-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6336", "cpe": "cpe:/a:redhat:satellite_capsule:6.14::el8", "package": "foreman-installer-1:3.7.0.8-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6335", "cpe": "cpe:/a:redhat:satellite:6.15::el8", "package": "foreman-installer-1:3.9.3.4-1.el8sat", "product_name": "Red Hat Satellite 6.15 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6335", "cpe": "cpe:/a:redhat:satellite_capsule:6.15::el8", "package": "foreman-installer-1:3.9.3.4-1.el8sat", "product_name": "Red Hat Satellite 6.15 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:8906", "cpe": "cpe:/a:redhat:satellite:6.16::el8", "package": "foreman-installer-1:3.12.0.1-1.el8sat", "product_name": "Red Hat Satellite 6.16 for RHEL 8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8906", "cpe": "cpe:/a:redhat:satellite_capsule:6.16::el8", "package": "foreman-installer-1:3.12.0.1-1.el8sat", "product_name": "Red Hat Satellite 6.16 for RHEL 8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8906", "cpe": "cpe:/a:redhat:satellite:6.16::el9", "package": "foreman-installer-1:3.12.0.1-1.el9sat", "product_name": "Red Hat Satellite 6.16 for RHEL 9", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8906", "cpe": "cpe:/a:redhat:satellite_capsule:6.16::el9", "package": "foreman-installer-1:3.12.0.1-1.el9sat", "product_name": "Red Hat Satellite 6.16 for RHEL 9", "release_date": "2024-11-05T00:00:00Z"}], "bugzilla": {"description": "puppet-pulpcore: An authentication bypass vulnerability exists in pulpcore", "id": "2305718", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305718"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-287", "details": ["An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access.", "An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-7923", "public_date": "2024-09-04T13:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-7923\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-7923"], "statement": "This vulnerability is rated as Critical severity because this flaw allows attackers to gain unauthorized administrative access.", "threat_severity": "Critical"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object