Auth Bypass in Foreman Satellite 6.13-6.15 via mod_proxy header issue
CVE-2024-7012 Published on September 4, 2024
Puppet-foreman: an authentication bypass vulnerability exists in foreman
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.
Vulnerability Analysis
CVE-2024-7012 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Timeline
Reported to Red Hat.
Made public. 43 days later.
Weakness Type
What is an authentification Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2024-7012 has been classified to as an authentification vulnerability or weakness.
Products Associated with CVE-2024-7012
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-7012 are published in these products:
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.