add CVE-2024-7923 and CVE-2024-7012 #2172

Merged: 1 commit, Sep 4, 2024
28 changes: 28 additions & 0 deletions security.md
Expand Up @@ -15,6 +15,8 @@ The policy of the project is to treat all newly reported issues as private, and

All security advisories made for Foreman are listed below with their corresponding [CVE identifier](https://cve.mitre.org/).

* [CVE-2024-7923: Authentication bypass in Pulpcore](security.html#2024-7923)
* [CVE-2024-7012: Authentication bypass in Foreman](security.html#2024-7012)
* [CVE-2023-4886: World readable tomcat server.xml contains passwords](security.html#2023-4886)
* [CVE-2022-4130: Blind SSRF via Referer header](security.html#2022-4130)
* [CVE-2022-3874: OS command injection via ct_command and fcct_command](security.html#2022-3874)
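Review bot: the two new index entries link to `security.html#2024-7923` and `security.html#2024-7012`, so each fragment must match an `<a id="...">` anchor in the disclosure section, otherwise the link silently lands at the top of the page; in this PR both anchors are present (`<a id="2024-7923"></a>` and `<a id="2024-7012"></a>`), and the entries keep the list's newest-first ordering ahead of CVE-2023-4886, so nothing needs to change in this hunk.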
Expand Down Expand Up @@ -90,6 +92,32 @@ All security advisories made for Foreman are listed below with their correspondi

### Disclosure details

#### <a id="2024-7923"></a>CVE-2024-7923: Authentication bypass in Pulpcore

An authentication bypass vulnerability has been identified in Pulpcore when
deployed by the Foreman Installer with Gunicorn versions prior to 22.0.

This issue arises from the way Apache is configured to do certificate authentication and
pass this information to the Gunicorn backend,
without unsetting all headers coming from a possibly malicious client.

* Affects Katello 4.0.0 and higher
* Fix released in Foreman 3.10.1, 3.11.2, 3.12.0
Review comment (project member) on this line:

Note to self: I think 3.12.0 is sufficient, even if it was already released in rc2.

* GitHub PR [puppet-pulpcore#357](https://github.com/theforeman/puppet-pulpcore/pull/357)

#### <a id="2024-7012"></a>CVE-2024-7012: Authentication bypass in Foreman

An authentication bypass vulnerability has been identified in Foreman when
deployed by the Foreman Installer with External Authentication.

This issue arises from the way Apache is configured to do certificate authentication and
pass this information to the Puma backend,
without unsetting all headers coming from a possibly malicious client.

* Affects Foreman 2.2.0 and higher
* Fix released in Foreman 3.10.1, 3.11.2, 3.12.0
* GitHub PR [puppet-foreman#1181](https://github.com/theforeman/puppet-foreman/pull/1181)

#### <a id="2023-4886"></a>CVE-2023-4886: World readable tomcat server.xml contains passwords

The world readable file `/etc/tomcat/server.xml` contains passwords for the keystore and truststore.
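Review bot: the CVE-2024-7923 entry states two conditions, Gunicorn versions prior to 22.0 and the Foreman Installer's Apache configuration, but the fix line points only at the installer change (puppet-pulpcore#357) and at Foreman releases; state explicitly whether upgrading Gunicorn to 22.0 or later on its own closes the issue or whether the installer update is required regardless, so operators can judge their exposure from the advisory alone. Related, "Affects Katello 4.0.0 and higher" paired with "Fix released in Foreman 3.10.1, 3.11.2, 3.12.0" reads inconsistently for a Pulpcore issue; one clause noting that Pulpcore is deployed by the Katello installer scenario would explain why a Katello affected range carries Foreman fix versions. For both entries, the phrase "without unsetting all headers coming from a possibly malicious client" is the whole description of the flaw; a sentence on how an operator can verify that the deployed Apache configuration now applies the fix (or a pointer to that section of the linked PRs) would make the advisory actionable for installations that are not managed by the installer.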