fkie_nvd - fkie_cve-2024-7012

fkie_cve-2024-7012

Vulnerability from fkie_nvd

Published

2024-09-04 14:15

Modified

2024-11-06 09:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6335	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6336	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6337	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:8906
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-7012	Mitigation, Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2299429	Issue Tracking

Impacted products

Vendor	Product	Version
redhat	satellite	6.13
redhat	satellite	6.14
redhat	satellite	6.15

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6532CA36-F59B-40E4-A6F6-0776CC4C3F78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA2D218-9A55-4906-A5B8-5E7C4245370F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F12DC81-33E9-4693-8636-7A1AD20D5CA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache\u0027s mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Foreman cuando se implementa con autenticaci\u00f3n externa, debido a la configuraci\u00f3n puppet-foreman. Este problema surge porque mod_proxy de Apache no anula los encabezados correctamente debido a las restricciones sobre los guiones bajos en los encabezados HTTP, lo que permite la autenticaci\u00f3n a trav\u00e9s de un encabezado mal formado. Esta falla afecta a todas las implementaciones de Satellite activas (6.13, 6.14 y 6.15) y podr\u00eda permitir que usuarios no autorizados obtengan acceso administrativo."
    }
  ],
  "id": "CVE-2024-7012",
  "lastModified": "2024-11-06T09:15:04.187",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-09-04T14:15:14.570",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:6335"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:6336"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:6337"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:8906"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2024-7012"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299429"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

CVE-2024-7012 (GCVE-0-2024-7012)

Vulnerability from cvelistv5

Published

2024-09-04 13:41

Modified

2025-11-11 15:29

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication

Summary

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:6335	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6336	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6337	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:8906	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-7012	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2299429	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

Version: 0 ≤

Red Hat	Red Hat Satellite 6.13 for RHEL 8	Unaffected: 1:3.5.2.8-1.el8sat < * cpe:/a:redhat:satellite:6.13::el8 cpe:/a:redhat:satellite_capsule:6.13::el8 cpe:/a:redhat:satellite_utils:6.13::el8
Red Hat	Red Hat Satellite 6.13 for RHEL 8	Unaffected: 1:3.5.2.8-1.el8sat < * cpe:/a:redhat:satellite:6.13::el8 cpe:/a:redhat:satellite_capsule:6.13::el8 cpe:/a:redhat:satellite_utils:6.13::el8
Red Hat	Red Hat Satellite 6.14 for RHEL 8	Unaffected: 1:3.7.0.8-1.el8sat < * cpe:/a:redhat:satellite:6.14::el8 cpe:/a:redhat:satellite_capsule:6.14::el8 cpe:/a:redhat:satellite_utils:6.14::el8
Red Hat	Red Hat Satellite 6.14 for RHEL 8	Unaffected: 1:3.7.0.8-1.el8sat < * cpe:/a:redhat:satellite:6.14::el8 cpe:/a:redhat:satellite_capsule:6.14::el8 cpe:/a:redhat:satellite_utils:6.14::el8
Red Hat	Red Hat Satellite 6.15 for RHEL 8	Unaffected: 1:3.9.3.4-1.el8sat < * cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_utils:6.15::el8 cpe:/a:redhat:satellite_capsule:6.15::el8
Red Hat	Red Hat Satellite 6.15 for RHEL 8	Unaffected: 1:3.9.3.4-1.el8sat < * cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_utils:6.15::el8 cpe:/a:redhat:satellite_capsule:6.15::el8
Red Hat	Red Hat Satellite 6.16 for RHEL 8	Unaffected: 1:3.12.0.1-1.el8sat < * cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9
Red Hat	Red Hat Satellite 6.16 for RHEL 8	Unaffected: 1:3.12.0.1-1.el8sat < * cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9
Red Hat	Red Hat Satellite 6.16 for RHEL 9	Unaffected: 1:3.12.0.1-1.el9sat < * cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9
Red Hat	Red Hat Satellite 6.16 for RHEL 9	Unaffected: 1:3.12.0.1-1.el9sat < * cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9

Show details on NVD website