fkie_nvd - fkie_cve-2024-7923

FKIE_CVE-2024-7923

Vulnerability from fkie_nvd - Published: 2024-09-04 14:15 - Updated: 2024-11-24 19:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6335	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6336	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:6337	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:8906
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-7923	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2305718	Issue Tracking

Impacted products

Vendor	Product	Version
redhat	satellite	6.13
redhat	satellite	6.14
redhat	satellite	6.15

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6532CA36-F59B-40E4-A6F6-0776CC4C3F78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA2D218-9A55-4906-A5B8-5E7C4245370F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F12DC81-33E9-4693-8636-7A1AD20D5CA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache\u0027s mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Pulpcore cuando se implementa con versiones de Gunicorn anteriores a la 22.0, debido a la configuraci\u00f3n puppet-pulpcore. Este problema surge porque mod_proxy de Apache no anula los encabezados correctamente debido a las restricciones sobre los guiones bajos en los encabezados HTTP, lo que permite la autenticaci\u00f3n a trav\u00e9s de un encabezado mal formado. Esta falla afecta a todas las implementaciones de Satellite activas (6.13, 6.14 y 6.15) que utilizan la versi\u00f3n 3.0+ de Pulpcore y podr\u00eda permitir que usuarios no autorizados obtengan acceso administrativo."
    }
  ],
  "id": "CVE-2024-7923",
  "lastModified": "2024-11-24T19:15:05.933",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-09-04T14:15:14.800",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:6335"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:6336"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:6337"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:8906"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2024-7923"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305718"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

CVE-2024-7923 (GCVE-0-2024-7923)

Vulnerability from cvelistv5 – Published: 2024-09-04 13:41 – Updated: 2025-11-11 16:12

Summary

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:6335	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6336	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6337	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:8906	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-7923	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2305718	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 0 , < 22.0 (custom)

Red Hat	Red Hat Satellite 6.13 for RHEL 8	Unaffected: 1:3.5.2.8-1.el8sat , < * (rpm) cpe:/a:redhat:satellite_utils:6.13::el8 cpe:/a:redhat:satellite:6.13::el8 cpe:/a:redhat:satellite_capsule:6.13::el8
Red Hat	Red Hat Satellite 6.13 for RHEL 8	Unaffected: 1:3.5.2.8-1.el8sat , < * (rpm) cpe:/a:redhat:satellite_utils:6.13::el8 cpe:/a:redhat:satellite:6.13::el8 cpe:/a:redhat:satellite_capsule:6.13::el8
Red Hat	Red Hat Satellite 6.14 for RHEL 8	Unaffected: 1:3.7.0.8-1.el8sat , < * (rpm) cpe:/a:redhat:satellite:6.14::el8 cpe:/a:redhat:satellite_utils:6.14::el8 cpe:/a:redhat:satellite_capsule:6.14::el8
Red Hat	Red Hat Satellite 6.14 for RHEL 8	Unaffected: 1:3.7.0.8-1.el8sat , < * (rpm) cpe:/a:redhat:satellite:6.14::el8 cpe:/a:redhat:satellite_utils:6.14::el8 cpe:/a:redhat:satellite_capsule:6.14::el8
Red Hat	Red Hat Satellite 6.15 for RHEL 8	Unaffected: 1:3.9.3.4-1.el8sat , < * (rpm) cpe:/a:redhat:satellite_capsule:6.15::el8 cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_utils:6.15::el8
Red Hat	Red Hat Satellite 6.15 for RHEL 8	Unaffected: 1:3.9.3.4-1.el8sat , < * (rpm) cpe:/a:redhat:satellite_capsule:6.15::el8 cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_utils:6.15::el8
Red Hat	Red Hat Satellite 6.16 for RHEL 8	Unaffected: 1:3.12.0.1-1.el8sat , < * (rpm) cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el8
Red Hat	Red Hat Satellite 6.16 for RHEL 8	Unaffected: 1:3.12.0.1-1.el8sat , < * (rpm) cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el8
Red Hat	Red Hat Satellite 6.16 for RHEL 9	Unaffected: 1:3.12.0.1-1.el9sat , < * (rpm) cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el8
Red Hat	Red Hat Satellite 6.16 for RHEL 9	Unaffected: 1:3.12.0.1-1.el9sat , < * (rpm) cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el8
Red Hat	Red Hat Update Infrastructure 4 for Cloud Providers	cpe:/a:redhat:rhui:4::el8
Red Hat	Red Hat Update Infrastructure 4 for Cloud Providers	cpe:/a:redhat:rhui:4::el8
Red Hat	Red Hat Update Infrastructure 4 for Cloud Providers	cpe:/a:redhat:rhui:4::el8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7923",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T15:28:06.080066Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T15:29:14.242Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/theforeman/puppet-pulpcore",
          "defaultStatus": "unaffected",
          "packageName": "pulpcore",
          "versions": [
            {
              "lessThan": "22.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.13::el8",
            "cpe:/a:redhat:satellite:6.13::el8",
            "cpe:/a:redhat:satellite_capsule:6.13::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.13 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.5.2.8-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.13::el8",
            "cpe:/a:redhat:satellite:6.13::el8",
            "cpe:/a:redhat:satellite_capsule:6.13::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.13 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.5.2.8-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.14::el8",
            "cpe:/a:redhat:satellite_utils:6.14::el8",
            "cpe:/a:redhat:satellite_capsule:6.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.14 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.7.0.8-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.14::el8",
            "cpe:/a:redhat:satellite_utils:6.14::el8",
            "cpe:/a:redhat:satellite_capsule:6.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.14 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.7.0.8-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.15::el8",
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_utils:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.9.3.4-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.15::el8",
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_utils:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.9.3.4-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite_maintenance:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite_maintenance:6.16::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.16 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.12.0.1-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite_maintenance:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite_maintenance:6.16::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.16 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.12.0.1-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite_maintenance:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite_maintenance:6.16::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.16 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.12.0.1-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite_maintenance:6.16::el9",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite_maintenance:6.16::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman-installer",
          "product": "Red Hat Satellite 6.16 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:3.12.0.1-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhui:4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "pulpcore-selinux",
          "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhui:4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-pulpcore",
          "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhui:4::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-pulpcore-client",
          "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-09-04T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache\u0027s mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Critical"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T16:12:18.584Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6335"
        },
        {
          "name": "RHSA-2024:6336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6336"
        },
        {
          "name": "RHSA-2024:6337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6337"
        },
        {
          "name": "RHSA-2024:8906",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8906"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7923"
        },
        {
          "name": "RHBZ#2305718",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305718"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-19T12:36:58.759000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-04T13:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-287: Improper Authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7923",
    "datePublished": "2024-09-04T13:41:48.872Z",
    "dateReserved": "2024-08-19T12:40:08.047Z",
    "dateUpdated": "2025-11-11T16:12:18.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2024-7923

CVE-2024-7923 (GCVE-0-2024-7923)

Tags

Sightings

Nomenclature