From 34fce510ebdf3b986e2db5205b42edce33023d3a Mon Sep 17 00:00:00 2001 From: Evgeni Golov Date: Wed, 4 Sep 2024 16:12:35 +0200 Subject: [PATCH] add CVE-2024-7923 and CVE-2024-7012 --- security.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/security.md b/security.md index 11c2b42e2f..24a86e0dd5 100644 --- a/security.md +++ b/security.md @@ -15,6 +15,8 @@ The policy of the project is to treat all newly reported issues as private, and All security advisories made for Foreman are listed below with their corresponding [CVE identifier](https://cve.mitre.org/). +* [CVE-2024-7923: Authentication bypass in Pulpcore](security.html#2024-7923) +* [CVE-2024-7012: Authentication bypass in Foreman](security.html#2024-7012) * [CVE-2023-4886: World readable tomcat server.xml contains passwords](security.html#2023-4886) * [CVE-2022-4130: Blind SSRF via Referer header](security.html#2022-4130) * [CVE-2022-3874: OS command injection via ct_command and fcct_command](security.html#2022-3874) @@ -90,6 +92,32 @@ All security advisories made for Foreman are listed below with their correspondi ### Disclosure details +#### CVE-2024-7923: Authentication bypass in Pulpcore + +An authentication bypass vulnerability has been identified in Pulpcore when +deployed by the Foreman Installer with Gunicorn versions prior to 22.0. + +This issue arises from the way Apache is configured to do certificate authentication and +pass this information to the Gunicorn backend, +without unsetting all headers coming from a possibly malicious client. + +* Affects Katello 4.0.0 and higher +* Fix released in Foreman 3.10.1, 3.11.2, 3.12.0 +* GitHub PR [puppet-pulpcore#357](https://github.com/theforeman/puppet-pulpcore/pull/357) + +#### CVE-2024-7012: Authentication bypass in Foreman + +An authentication bypass vulnerability has been identified in Foreman when +deployed by the Foreman Installer with External Authentication. + +This issue arises from the way Apache is configured to do certificate authentication and +pass this information to the Puma backend, +without unsetting all headers coming from a possibly malicious client. + +* Affects Foreman 2.2.0 and higher +* Fix released in Foreman 3.10.1, 3.11.2, 3.12.0 +* GitHub PR [puppet-foreman#1181](https://github.com/theforeman/puppet-foreman/pull/1181) + #### CVE-2023-4886: World readable tomcat server.xml contains passwords The world readable file `/etc/tomcat/server.xml` contains passwords for the keystore and truststore.