{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7012", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-07-23T05:02:30.865Z", "datePublished": "2024-09-04T13:41:17.877Z", "dateUpdated": "2024-09-19T15:19:10.670Z"}, "containers": {"cna": {"title": "Puppet-foreman: an authentication bypass vulnerability exists in foreman", "metrics": [{"other": {"content": {"value": "Critical", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.5.2.8-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.13::el8", "cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite_capsule:6.13::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.5.2.8-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.13::el8", "cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite_capsule:6.13::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.7.0.8-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_capsule:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.7.0.8-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_capsule:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.15 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.9.3.4-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.15 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.9.3.4-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:6335", "name": "RHSA-2024:6335", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6336", "name": "RHSA-2024:6336", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6337", "name": "RHSA-2024:6337", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-7012", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299429", "name": "RHBZ#2299429", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-09-04T13:14:02.531632+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "Improper Authentication", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-287: Improper Authentication", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-07-23T04:51:12+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-04T13:14:02.531632+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-19T15:19:10.670Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-18T15:32:24.815040Z", "id": "CVE-2024-7012", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T15:32:35.914Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7012", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-18T15:32:24.815040Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T14:18:58.584Z"}}], "cna": {"title": "Puppet-foreman: an authentication bypass vulnerability exists in foreman", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Critical", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite_capsule:6.13::el8", "cpe:/a:redhat:satellite:6.13::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.5.2.8-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite_capsule:6.13::el8", "cpe:/a:redhat:satellite:6.13::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.5.2.8-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8", "cpe:/a:redhat:satellite:6.14::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.7.0.8-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8", "cpe:/a:redhat:satellite:6.14::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.7.0.8-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.15::el8", "cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.15 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.9.3.4-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.15::el8", "cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.15 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.9.3.4-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-07-23T04:51:12+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-04T13:14:02.531632+00:00", "value": "Made public."}], "datePublic": "2024-09-04T13:14:02.531632+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:6335", "name": "RHSA-2024:6335", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6336", "name": "RHSA-2024:6336", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6337", "name": "RHSA-2024:6337", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-7012", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299429", "name": "RHBZ#2299429", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "Improper Authentication"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-19T05:46:44.532Z"}, "x_redhatCweChain": "CWE-287: Improper Authentication"}}, "cveMetadata": {"cveId": "CVE-2024-7012", "state": "PUBLISHED", "dateUpdated": "2024-09-19T05:46:44.532Z", "dateReserved": "2024-07-23T05:02:30.865Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-09-04T13:41:17.877Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:6.13:*:*:*:*:*:*:*", "matchCriteriaId": "6532CA36-F59B-40E4-A6F6-0776CC4C3F78", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:6.14:*:*:*:*:*:*:*", "matchCriteriaId": "1CA2D218-9A55-4906-A5B8-5E7C4245370F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:6.15:*:*:*:*:*:*:*", "matchCriteriaId": "1F12DC81-33E9-4693-8636-7A1AD20D5CA1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Foreman cuando se implementa con autenticaci\u00f3n externa, debido a la configuraci\u00f3n puppet-foreman. Este problema surge porque mod_proxy de Apache no anula los encabezados correctamente debido a las restricciones sobre los guiones bajos en los encabezados HTTP, lo que permite la autenticaci\u00f3n a trav\u00e9s de un encabezado mal formado. Esta falla afecta a todas las implementaciones de Satellite activas (6.13, 6.14 y 6.15) y podr\u00eda permitir que usuarios no autorizados obtengan acceso administrativo."}], "id": "CVE-2024-7012", "lastModified": "2024-09-19T06:15:03.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2024-09-04T14:15:14.570", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:6335"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:6336"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:6337"}, {"source": "secalert@redhat.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-7012"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299429"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6337", "cpe": "cpe:/a:redhat:satellite:6.13::el8", "package": "foreman-installer-1:3.5.2.8-1.el8sat", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6337", "cpe": "cpe:/a:redhat:satellite_capsule:6.13::el8", "package": "foreman-installer-1:3.5.2.8-1.el8sat", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6336", "cpe": "cpe:/a:redhat:satellite:6.14::el8", "package": "foreman-installer-1:3.7.0.8-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6336", "cpe": "cpe:/a:redhat:satellite_capsule:6.14::el8", "package": "foreman-installer-1:3.7.0.8-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6335", "cpe": "cpe:/a:redhat:satellite:6.15::el8", "package": "foreman-installer-1:3.9.3.4-1.el8sat", "product_name": "Red Hat Satellite 6.15 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6335", "cpe": "cpe:/a:redhat:satellite_capsule:6.15::el8", "package": "foreman-installer-1:3.9.3.4-1.el8sat", "product_name": "Red Hat Satellite 6.15 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}], "bugzilla": {"description": "puppet-foreman: An authentication bypass vulnerability exists in Foreman", "id": "2299429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299429"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-287", "details": ["An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.", "An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-7012", "public_date": "2024-09-04T13:14:02Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-7012\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-7012"], "threat_severity": "Critical"}