An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Redhat
  • Satellite
  • Satellite Capsule
  • Satellite Maintenance
  • Satellite Utils

Configuration 1 [-]

OR cpe:2.3:a:redhat:satellite:6.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.15:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Satellite 6.13 for RHEL 8
foreman-installer-1:3.5.2.8-1.el8sat cpe:/a:redhat:satellite:6.13::el8 RHSA-2024:6337 2024-09-04T00:00:00Z
foreman-installer-1:3.5.2.8-1.el8sat cpe:/a:redhat:satellite_capsule:6.13::el8 RHSA-2024:6337 2024-09-04T00:00:00Z
Red Hat Satellite 6.14 for RHEL 8
foreman-installer-1:3.7.0.8-1.el8sat cpe:/a:redhat:satellite:6.14::el8 RHSA-2024:6336 2024-09-04T00:00:00Z
foreman-installer-1:3.7.0.8-1.el8sat cpe:/a:redhat:satellite_capsule:6.14::el8 RHSA-2024:6336 2024-09-04T00:00:00Z
Red Hat Satellite 6.15 for RHEL 8
foreman-installer-1:3.9.3.4-1.el8sat cpe:/a:redhat:satellite:6.15::el8 RHSA-2024:6335 2024-09-04T00:00:00Z
foreman-installer-1:3.9.3.4-1.el8sat cpe:/a:redhat:satellite_capsule:6.15::el8 RHSA-2024:6335 2024-09-04T00:00:00Z
Red Hat Satellite 6.16 for RHEL 8
foreman-installer-1:3.12.0.1-1.el8sat cpe:/a:redhat:satellite:6.16::el8 RHSA-2024:8906 2024-11-05T00:00:00Z
foreman-installer-1:3.12.0.1-1.el8sat cpe:/a:redhat:satellite_capsule:6.16::el8 RHSA-2024:8906 2024-11-05T00:00:00Z
Red Hat Satellite 6.16 for RHEL 9
foreman-installer-1:3.12.0.1-1.el9sat cpe:/a:redhat:satellite:6.16::el9 RHSA-2024:8906 2024-11-05T00:00:00Z
foreman-installer-1:3.12.0.1-1.el9sat cpe:/a:redhat:satellite_capsule:6.16::el9 RHSA-2024:8906 2024-11-05T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2024:6335 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:6336 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:6337 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8906 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-7012 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2299429 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-7012 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-7012 cve-icon
History

Wed, 06 Nov 2024 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat satellite Maintenance
CPEs cpe:/a:redhat:satellite:6.16::el8
cpe:/a:redhat:satellite:6.16::el9
cpe:/a:redhat:satellite_capsule:6.16::el8
cpe:/a:redhat:satellite_capsule:6.16::el9
cpe:/a:redhat:satellite_maintenance:6.16::el8
cpe:/a:redhat:satellite_maintenance:6.16::el9
cpe:/a:redhat:satellite_utils:6.16::el8
cpe:/a:redhat:satellite_utils:6.16::el9
Vendors & Products Redhat satellite Maintenance
References

Mon, 23 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 19 Sep 2024 06:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Wed, 18 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 05 Sep 2024 22:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:redhat:satellite:6.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.15:*:*:*:*:*:*:*

Wed, 04 Sep 2024 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat satellite Capsule
Redhat satellite Utils
CPEs cpe:/a:redhat:satellite:6 cpe:/a:redhat:satellite:6.13::el8
cpe:/a:redhat:satellite:6.14::el8
cpe:/a:redhat:satellite:6.15::el8
cpe:/a:redhat:satellite_capsule:6.13::el8
cpe:/a:redhat:satellite_capsule:6.14::el8
cpe:/a:redhat:satellite_capsule:6.15::el8
cpe:/a:redhat:satellite_utils:6.13::el8
cpe:/a:redhat:satellite_utils:6.14::el8
cpe:/a:redhat:satellite_utils:6.15::el8
Vendors & Products Redhat satellite Capsule
Redhat satellite Utils
References
Metrics threat_severity

None

 threat_severity

Critical

Wed, 04 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Wed, 04 Sep 2024 15:00:00 +0000

Type Values Removed Values Added
Description An authentication bypass vulnerability has been identified in Foreman when deployed with Gunicorn versions prior to 22.0, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access. An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.

Wed, 04 Sep 2024 13:45:00 +0000

Type Values Removed Values Added
Description An authentication bypass vulnerability has been identified in Foreman when deployed with Gunicorn versions prior to 22.0, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.
Title Puppet-foreman: an authentication bypass vulnerability exists in foreman
First Time appeared Redhat
Redhat satellite
Weaknesses CWE-287
CPEs cpe:/a:redhat:satellite:6
Vendors & Products Redhat
Redhat satellite
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-09-04T13:41:17.877Z

Updated: 2024-11-06T13:57:20.623Z

Reserved: 2024-07-23T05:02:30.865Z

Link: CVE-2024-7012

cve-icon Vulnrichment

Updated: 2024-09-04T14:18:58.584Z

cve-icon NVD

Status : Modified

Published: 2024-09-04T14:15:14.570

Modified: 2024-11-06T09:15:04.187

Link: CVE-2024-7012

cve-icon Redhat

Severity : Critical

Publid Date: 2024-09-04T13:14:02Z

Links: CVE-2024-7012 - Bugzilla