Foreman Authentication Bypass Vulnerability
CVE-2024-7012
9.8CRITICAL
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Satellite 6.13 For Rhel 8
- Red Hat Satellite 6.14 For Rhel 8
- Red Hat Satellite 6.15 For Rhel 8
- Vendor
- CVE Published:
- 4 September 2024
Summary
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.
Affected Version(s)
Red Hat Satellite 6.13 for RHEL 8 <= 1:3.5.2.8-1.el8sat
Red Hat Satellite 6.13 for RHEL 8 <= 1:3.5.2.8-1.el8sat
Red Hat Satellite 6.14 for RHEL 8 <= 1:3.7.0.8-1.el8sat
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Reported to Red Hat.
Collectors
NVD DatabaseMitre Database