CVE-2024-7012 (GCVE-0-2024-7012)

Vulnerability from cvelistv5 – Published: 2024-09-04 13:41 – Updated: 2025-11-11 15:29
VLAI?
Summary
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-287 - Improper Authentication
Assigner
References
https://access.redhat.com/errata/RHSA-2024:6335 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6336 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6337 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8906 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-7012 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2299429 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 0 , < 22.0 (semver)
    Red Hat Red Hat Satellite 6.13 for RHEL 8 Unaffected: 1:3.5.2.8-1.el8sat , < * (rpm)
    cpe:/a:redhat:satellite:6.13::el8
    cpe:/a:redhat:satellite_capsule:6.13::el8
    cpe:/a:redhat:satellite_utils:6.13::el8
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.13 for RHEL 8 Unaffected: 1:3.5.2.8-1.el8sat , < * (rpm)
    cpe:/a:redhat:satellite:6.13::el8
    cpe:/a:redhat:satellite_capsule:6.13::el8
    cpe:/a:redhat:satellite_utils:6.13::el8
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.14 for RHEL 8 Unaffected: 1:3.7.0.8-1.el8sat , < * (rpm)
    cpe:/a:redhat:satellite:6.14::el8
    cpe:/a:redhat:satellite_capsule:6.14::el8
    cpe:/a:redhat:satellite_utils:6.14::el8
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.14 for RHEL 8 Unaffected: 1:3.7.0.8-1.el8sat , < * (rpm)
    cpe:/a:redhat:satellite:6.14::el8
    cpe:/a:redhat:satellite_capsule:6.14::el8
    cpe:/a:redhat:satellite_utils:6.14::el8
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.15 for RHEL 8 Unaffected: 1:3.9.3.4-1.el8sat , < * (rpm)
    cpe:/a:redhat:satellite:6.15::el8
    cpe:/a:redhat:satellite_utils:6.15::el8
    cpe:/a:redhat:satellite_capsule:6.15::el8
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.15 for RHEL 8 Unaffected: 1:3.9.3.4-1.el8sat , < * (rpm)
    cpe:/a:redhat:satellite:6.15::el8
    cpe:/a:redhat:satellite_utils:6.15::el8
    cpe:/a:redhat:satellite_capsule:6.15::el8
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 8 Unaffected: 1:3.12.0.1-1.el8sat , < * (rpm)
    cpe:/a:redhat:satellite:6.16::el9
    cpe:/a:redhat:satellite_utils:6.16::el8
    cpe:/a:redhat:satellite_maintenance:6.16::el9
    cpe:/a:redhat:satellite_utils:6.16::el9
    cpe:/a:redhat:satellite:6.16::el8
    cpe:/a:redhat:satellite_maintenance:6.16::el8
    cpe:/a:redhat:satellite_capsule:6.16::el8
    cpe:/a:redhat:satellite_capsule:6.16::el9
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 8 Unaffected: 1:3.12.0.1-1.el8sat , < * (rpm)
    cpe:/a:redhat:satellite:6.16::el9
    cpe:/a:redhat:satellite_utils:6.16::el8
    cpe:/a:redhat:satellite_maintenance:6.16::el9
    cpe:/a:redhat:satellite_utils:6.16::el9
    cpe:/a:redhat:satellite:6.16::el8
    cpe:/a:redhat:satellite_maintenance:6.16::el8
    cpe:/a:redhat:satellite_capsule:6.16::el8
    cpe:/a:redhat:satellite_capsule:6.16::el9
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 9 Unaffected: 1:3.12.0.1-1.el9sat , < * (rpm)
    cpe:/a:redhat:satellite:6.16::el9
    cpe:/a:redhat:satellite_utils:6.16::el8
    cpe:/a:redhat:satellite_maintenance:6.16::el9
    cpe:/a:redhat:satellite_utils:6.16::el9
    cpe:/a:redhat:satellite:6.16::el8
    cpe:/a:redhat:satellite_maintenance:6.16::el8
    cpe:/a:redhat:satellite_capsule:6.16::el8
    cpe:/a:redhat:satellite_capsule:6.16::el9
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 9 Unaffected: 1:3.12.0.1-1.el9sat , < * (rpm)
    cpe:/a:redhat:satellite:6.16::el9
    cpe:/a:redhat:satellite_utils:6.16::el8
    cpe:/a:redhat:satellite_maintenance:6.16::el9
    cpe:/a:redhat:satellite_utils:6.16::el9
    cpe:/a:redhat:satellite:6.16::el8
    cpe:/a:redhat:satellite_maintenance:6.16::el8
    cpe:/a:redhat:satellite_capsule:6.16::el8
    cpe:/a:redhat:satellite_capsule:6.16::el9
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7012",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-23T17:16:24.550968Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-23T17:16:34.903Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/theforeman/puppet-foreman",
          "defaultStatus": "unaffected",
          "packageName": "puppet-foreman",
          "versions": [
            {
              "lessThan": "22.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.13::el8",
            "cpe:/a:redhat:satellite_capsule:6.13::el8",
            "cpe:/a:redhat:satellite_utils:6.13::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.13 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.5.2.8-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.13::el8",
            "cpe:/a:redhat:satellite_capsule:6.13::el8",
            "cpe:/a:redhat:satellite_utils:6.13::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.13 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.5.2.8-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.14::el8",
            "cpe:/a:redhat:satellite_capsule:6.14::el8",
            "cpe:/a:redhat:satellite_utils:6.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.14 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.7.0.8-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.14::el8",
            "cpe:/a:redhat:satellite_capsule:6.14::el8",
            "cpe:/a:redhat:satellite_utils:6.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.14 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.7.0.8-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_utils:6.15::el8",
            "cpe:/a:redhat:satellite_capsule:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.9.3.4-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_utils:6.15::el8",
            "cpe:/a:redhat:satellite_capsule:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.9.3.4-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite_maintenance:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite_maintenance:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.16 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.12.0.1-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite_maintenance:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite_maintenance:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.16 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.12.0.1-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite_maintenance:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite_maintenance:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.16 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.12.0.1-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite_maintenance:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite_maintenance:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.16 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.12.0.1-1.el9sat",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2024-09-04T13:14:02.531Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache\u0027s mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Critical"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T15:29:25.711Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6335"
        },
        {
          "name": "RHSA-2024:6336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6336"
        },
        {
          "name": "RHSA-2024:6337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6337"
        },
        {
          "name": "RHSA-2024:8906",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8906"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7012"
        },
        {
          "name": "RHBZ#2299429",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299429"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-23T04:51:12+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-04T13:14:02.531632+00:00",
          "value": "Made public."
        }
      ],
      "title": "Puppet-foreman: an authentication bypass vulnerability exists in foreman",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-287: Improper Authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7012",
    "datePublished": "2024-09-04T13:41:17.877Z",
    "dateReserved": "2024-07-23T05:02:30.865Z",
    "dateUpdated": "2025-11-11T15:29:25.711Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:satellite:6.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6532CA36-F59B-40E4-A6F6-0776CC4C3F78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:satellite:6.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CA2D218-9A55-4906-A5B8-5E7C4245370F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:satellite:6.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F12DC81-33E9-4693-8636-7A1AD20D5CA1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache\u0027s mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad de omisi\\u00f3n de autenticaci\\u00f3n en Foreman cuando se implementa con autenticaci\\u00f3n externa, debido a la configuraci\\u00f3n puppet-foreman. Este problema surge porque mod_proxy de Apache no anula los encabezados correctamente debido a las restricciones sobre los guiones bajos en los encabezados HTTP, lo que permite la autenticaci\\u00f3n a trav\\u00e9s de un encabezado mal formado. Esta falla afecta a todas las implementaciones de Satellite activas (6.13, 6.14 y 6.15) y podr\\u00eda permitir que usuarios no autorizados obtengan acceso administrativo.\"}]",
      "id": "CVE-2024-7012",
      "lastModified": "2024-11-06T09:15:04.187",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2024-09-04T14:15:14.570",
      "references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2024:6335\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:6336\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:6337\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8906\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-7012\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2299429\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-7012\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-09-04T14:15:14.570\",\"lastModified\":\"2024-11-06T09:15:04.187\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache\u0027s mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Foreman cuando se implementa con autenticaci\u00f3n externa, debido a la configuraci\u00f3n puppet-foreman. Este problema surge porque mod_proxy de Apache no anula los encabezados correctamente debido a las restricciones sobre los guiones bajos en los encabezados HTTP, lo que permite la autenticaci\u00f3n a trav\u00e9s de un encabezado mal formado. Esta falla afecta a todas las implementaciones de Satellite activas (6.13, 6.14 y 6.15) y podr\u00eda permitir que usuarios no autorizados obtengan acceso administrativo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:6.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6532CA36-F59B-40E4-A6F6-0776CC4C3F78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:6.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CA2D218-9A55-4906-A5B8-5E7C4245370F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:6.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F12DC81-33E9-4693-8636-7A1AD20D5CA1\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2024:6335\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:6336\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:6337\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8906\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-7012\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2299429\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-7012\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-23T17:16:24.550968Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-04T14:18:58.584Z\"}}], \"cna\": {\"title\": \"Puppet-foreman: an authentication bypass vulnerability exists in foreman\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Critical\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"22.0\", \"versionType\": \"semver\"}], \"packageName\": \"puppet-foreman\", \"collectionURL\": \"https://github.com/theforeman/puppet-foreman\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.13::el8\", \"cpe:/a:redhat:satellite_capsule:6.13::el8\", \"cpe:/a:redhat:satellite_utils:6.13::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.13 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:3.5.2.8-1.el8sat\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"foreman-installer\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.13::el8\", \"cpe:/a:redhat:satellite_capsule:6.13::el8\", \"cpe:/a:redhat:satellite_utils:6.13::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.13 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:3.5.2.8-1.el8sat\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"foreman-installer\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.14::el8\", \"cpe:/a:redhat:satellite_capsule:6.14::el8\", \"cpe:/a:redhat:satellite_utils:6.14::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.14 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:3.7.0.8-1.el8sat\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"foreman-installer\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.14::el8\", \"cpe:/a:redhat:satellite_capsule:6.14::el8\", \"cpe:/a:redhat:satellite_utils:6.14::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.14 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:3.7.0.8-1.el8sat\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"foreman-installer\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.15::el8\", \"cpe:/a:redhat:satellite_utils:6.15::el8\", \"cpe:/a:redhat:satellite_capsule:6.15::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.15 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:3.9.3.4-1.el8sat\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"foreman-installer\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.15::el8\", \"cpe:/a:redhat:satellite_utils:6.15::el8\", \"cpe:/a:redhat:satellite_capsule:6.15::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.15 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:3.9.3.4-1.el8sat\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"foreman-installer\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.16::el9\", \"cpe:/a:redhat:satellite_utils:6.16::el8\", \"cpe:/a:redhat:satellite_maintenance:6.16::el9\", \"cpe:/a:redhat:satellite_utils:6.16::el9\", \"cpe:/a:redhat:satellite:6.16::el8\", \"cpe:/a:redhat:satellite_maintenance:6.16::el8\", \"cpe:/a:redhat:satellite_capsule:6.16::el8\", \"cpe:/a:redhat:satellite_capsule:6.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.16 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:3.12.0.1-1.el8sat\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"foreman-installer\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.16::el9\", \"cpe:/a:redhat:satellite_utils:6.16::el8\", \"cpe:/a:redhat:satellite_maintenance:6.16::el9\", \"cpe:/a:redhat:satellite_utils:6.16::el9\", \"cpe:/a:redhat:satellite:6.16::el8\", \"cpe:/a:redhat:satellite_maintenance:6.16::el8\", \"cpe:/a:redhat:satellite_capsule:6.16::el8\", \"cpe:/a:redhat:satellite_capsule:6.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.16 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:3.12.0.1-1.el8sat\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"foreman-installer\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.16::el9\", \"cpe:/a:redhat:satellite_utils:6.16::el8\", \"cpe:/a:redhat:satellite_maintenance:6.16::el9\", \"cpe:/a:redhat:satellite_utils:6.16::el9\", \"cpe:/a:redhat:satellite:6.16::el8\", \"cpe:/a:redhat:satellite_maintenance:6.16::el8\", \"cpe:/a:redhat:satellite_capsule:6.16::el8\", \"cpe:/a:redhat:satellite_capsule:6.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.16 for RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:3.12.0.1-1.el9sat\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"foreman-installer\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.16::el9\", \"cpe:/a:redhat:satellite_utils:6.16::el8\", \"cpe:/a:redhat:satellite_maintenance:6.16::el9\", \"cpe:/a:redhat:satellite_utils:6.16::el9\", \"cpe:/a:redhat:satellite:6.16::el8\", \"cpe:/a:redhat:satellite_maintenance:6.16::el8\", \"cpe:/a:redhat:satellite_capsule:6.16::el8\", \"cpe:/a:redhat:satellite_capsule:6.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.16 for RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:3.12.0.1-1.el9sat\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"foreman-installer\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-07-23T04:51:12+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-09-04T13:14:02.531632+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-09-04T13:14:02.531Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2024:6335\", \"name\": \"RHSA-2024:6335\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:6336\", \"name\": \"RHSA-2024:6336\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:6337\", \"name\": \"RHSA-2024:6337\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8906\", \"name\": \"RHSA-2024:8906\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-7012\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2299429\", \"name\": \"RHBZ#2299429\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache\u0027s mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-11T15:29:25.711Z\"}, \"x_redhatCweChain\": \"CWE-287: Improper Authentication\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-7012\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-11T15:29:25.711Z\", \"dateReserved\": \"2024-07-23T05:02:30.865Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2024-09-04T13:41:17.877Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.