Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:8906 [No types assigned]

Red Hat, Inc. AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Red Hat, Inc. AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

OR
     *cpe:2.3:a:redhat:satellite:6.13:*:*:*:*:*:*:*
     *cpe:2.3:a:redhat:satellite:6.14:*:*:*:*:*:*:*
     *cpe:2.3:a:redhat:satellite:6.15:*:*:*:*:*:*:*

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

https://access.redhat.com/errata/RHSA-2024:6335 No Types Assigned

https://access.redhat.com/errata/RHSA-2024:6335 Vendor Advisory

https://access.redhat.com/errata/RHSA-2024:6336 No Types Assigned

https://access.redhat.com/errata/RHSA-2024:6336 Vendor Advisory

https://access.redhat.com/errata/RHSA-2024:6337 No Types Assigned

https://access.redhat.com/errata/RHSA-2024:6337 Vendor Advisory

https://access.redhat.com/security/cve/CVE-2024-7012 No Types Assigned

https://access.redhat.com/security/cve/CVE-2024-7012 Mitigation, Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2299429 No Types Assigned

https://bugzilla.redhat.com/show_bug.cgi?id=2299429 Issue Tracking

Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:6335 [No types assigned]

Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:6336 [No types assigned]

Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:6337 [No types assigned]

Red Hat, Inc. AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Red Hat, Inc. AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An authentication bypass vulnerability has been identified in Foreman when deployed with Gunicorn versions prior to 22.0, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.

Red Hat, Inc. AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Red Hat, Inc. CWE-287

An authentication bypass vulnerability has been identified in Foreman when deployed with Gunicorn versions prior to 22.0, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.

Red Hat, Inc. https://access.redhat.com/security/cve/CVE-2024-7012 [No types assigned]

Red Hat, Inc. https://bugzilla.redhat.com/show_bug.cgi?id=2299429 [No types assigned]