CVE-2024-7012
Published 2024-09-04

Priority P265 · critical · CVSS 3.1 base score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

EPSS: 0.77% (51.0th percentile)
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | satellite | — | — |
| redhat | satellite | — | — |
| redhat | satellite | — | — |
Detection & IOCs (extracted from sources)
- Authentication bypass is achieved by sending a malformed HTTP header with underscores; Apache mod_proxy fails to unset headers containing underscores, allowing the header to pass through to Foreman and satisfy External Authentication checks.
- Monitor for unexpected administrative access or privilege escalation in Foreman/Satellite deployments (versions 6.13, 6.14, 6.15) that use External Authentication, as unauthorized users may gain admin access via this bypass.
- The vulnerability only affects Foreman deployments configured with External Authentication via the puppet-foreman configuration. Deployments not using External Authentication are not impacted.
- No mitigation is currently available that meets Red Hat Product Security criteria; patching is the recommended remediation path.
CVSS provenance
- NVD (CVSS v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Red Hat (vendor): 9.8 CRITICAL
Red Hat
puppet-foreman: An authentication bypass vulnerability exists in Foreman
vendor_redhat · 2024-09-04 · CVSS 9.8 · CRITICAL · CWE-287
GHSA
GHSA-gp3v-m4q9-3v8h: An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration.
ghsa_unreviewed · 2024-09-04 · CRITICAL · CWE-287
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-09-04