CVE-2021-3469

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 67.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Theforeman Foreman

Timeline

PublishedJun 3

Latest updateMay 24

Description

Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternative names (SANs). Foreman do not enable SANs by default and `allow-authorization-extensions` is set to `false` unless user change `/etc/puppetlabs/puppetserver/conf.d/ca.conf` configuration explicitly.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶NVDtheforeman/foreman< 2.3.4

▶CVEListV5foremanforeman 2.3.4, foreman 2.4.0

🔴Vulnerability Details

GHSA

GHSA-gfhf-42qr-7pgh: Foreman versions before 2↗2022-05-24

▶

CVEList

CVE-2021-3469: Foreman versions before 2↗2021-06-03

▶

📋Vendor Advisories

Red Hat

Foreman: Impersonation vulnerability in Foreman↗2021-03-26

▶