{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7923", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-08-19T12:40:08.047Z", "datePublished": "2024-09-04T13:41:48.872Z", "dateUpdated": "2024-09-19T15:19:45.334Z"}, "containers": {"cna": {"title": "Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore", "metrics": [{"other": {"content": {"value": "Critical", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.5.2.8-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.13::el8", "cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite_capsule:6.13::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.5.2.8-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.13::el8", "cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite_capsule:6.13::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.7.0.8-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_capsule:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.7.0.8-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_capsule:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.15 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.9.3.4-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.15 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman-installer", "defaultStatus": "affected", "versions": [{"version": "1:3.9.3.4-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8", "cpe:/a:redhat:satellite:6.15::el8"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:6335", "name": "RHSA-2024:6335", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6336", "name": "RHSA-2024:6336", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6337", "name": "RHSA-2024:6337", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-7923", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305718", "name": "RHBZ#2305718", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-09-04T13:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "Improper Authentication", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-287: Improper Authentication", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-08-19T12:36:58.759000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-04T13:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-19T15:19:45.334Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-18T15:28:06.080066Z", "id": "CVE-2024-7923", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T15:29:14.242Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7923", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-18T15:28:06.080066Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T14:18:25.720Z"}}], "cna": {"title": "Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Critical", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite_capsule:6.13::el8", "cpe:/a:redhat:satellite:6.13::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.5.2.8-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite_capsule:6.13::el8", "cpe:/a:redhat:satellite:6.13::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.5.2.8-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8", "cpe:/a:redhat:satellite:6.14::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.7.0.8-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8", "cpe:/a:redhat:satellite:6.14::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.7.0.8-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.15::el8", "cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.15 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.9.3.4-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.15::el8", "cpe:/a:redhat:satellite_utils:6.15::el8", "cpe:/a:redhat:satellite_capsule:6.15::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.15 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:3.9.3.4-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman-installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-08-19T12:36:58.759000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-04T13:00:00+00:00", "value": "Made public."}], "datePublic": "2024-09-04T13:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:6335", "name": "RHSA-2024:6335", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6336", "name": "RHSA-2024:6336", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6337", "name": "RHSA-2024:6337", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-7923", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305718", "name": "RHBZ#2305718", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "Improper Authentication"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-16T21:17:11.753Z"}, "x_redhatCweChain": "CWE-287: Improper Authentication"}}, "cveMetadata": {"cveId": "CVE-2024-7923", "state": "PUBLISHED", "dateUpdated": "2024-09-18T15:29:14.242Z", "dateReserved": "2024-08-19T12:40:08.047Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-09-04T13:41:48.872Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:6.13:*:*:*:*:*:*:*", "matchCriteriaId": "6532CA36-F59B-40E4-A6F6-0776CC4C3F78", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:6.14:*:*:*:*:*:*:*", "matchCriteriaId": "1CA2D218-9A55-4906-A5B8-5E7C4245370F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:6.15:*:*:*:*:*:*:*", "matchCriteriaId": "1F12DC81-33E9-4693-8636-7A1AD20D5CA1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Pulpcore cuando se implementa con versiones de Gunicorn anteriores a la 22.0, debido a la configuraci\u00f3n puppet-pulpcore. Este problema surge porque mod_proxy de Apache no anula los encabezados correctamente debido a las restricciones sobre los guiones bajos en los encabezados HTTP, lo que permite la autenticaci\u00f3n a trav\u00e9s de un encabezado mal formado. Esta falla afecta a todas las implementaciones de Satellite activas (6.13, 6.14 y 6.15) que utilizan la versi\u00f3n 3.0+ de Pulpcore y podr\u00eda permitir que usuarios no autorizados obtengan acceso administrativo."}], "id": "CVE-2024-7923", "lastModified": "2024-09-05T21:38:32.257", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-04T14:15:14.800", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:6335"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:6336"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:6337"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-7923"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305718"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6337", "cpe": "cpe:/a:redhat:satellite:6.13::el8", "package": "foreman-installer-1:3.5.2.8-1.el8sat", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6337", "cpe": "cpe:/a:redhat:satellite_capsule:6.13::el8", "package": "foreman-installer-1:3.5.2.8-1.el8sat", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6336", "cpe": "cpe:/a:redhat:satellite:6.14::el8", "package": "foreman-installer-1:3.7.0.8-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6336", "cpe": "cpe:/a:redhat:satellite_capsule:6.14::el8", "package": "foreman-installer-1:3.7.0.8-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6335", "cpe": "cpe:/a:redhat:satellite:6.15::el8", "package": "foreman-installer-1:3.9.3.4-1.el8sat", "product_name": "Red Hat Satellite 6.15 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6335", "cpe": "cpe:/a:redhat:satellite_capsule:6.15::el8", "package": "foreman-installer-1:3.9.3.4-1.el8sat", "product_name": "Red Hat Satellite 6.15 for RHEL 8", "release_date": "2024-09-04T00:00:00Z"}], "bugzilla": {"description": "puppet-pulpcore: An authentication bypass vulnerability exists in pulpcore", "id": "2305718", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305718"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-287", "details": ["An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access.", "An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-7923", "public_date": "2024-09-04T13:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-7923\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-7923"], "threat_severity": "Critical"}