Foreman Authentication Bypass Vulnerability

CVE-2024-7012

9.8CRITICAL

Key Information

Vendor
Red Hat
Status
Red Hat Satellite 6.13 For Rhel 8
Red Hat Satellite 6.14 For Rhel 8
Red Hat Satellite 6.15 For Rhel 8
Vendor
CVE Published:
4 September 2024

Summary

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.

Affected Version(s)

Red Hat Satellite 6.13 for RHEL 8 <= 1:3.5.2.8-1.el8sat

Red Hat Satellite 6.13 for RHEL 8 <= 1:3.5.2.8-1.el8sat

Red Hat Satellite 6.14 for RHEL 8 <= 1:3.7.0.8-1.el8sat

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Collectors

NVD DatabaseMitre Database
.