CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-6861 – Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api
https://notcve.org/view.php?id=CVE-2024-6861
06 Nov 2024 — A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API. • https://access.redhat.com/errata/RHSA-2022:8506 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-8553 – Foreman: read-only access to entire db from templates
https://notcve.org/view.php?id=CVE-2024-8553
31 Oct 2024 — A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is... • https://access.redhat.com/errata/RHSA-2024:8717 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-7923 – Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore
https://notcve.org/view.php?id=CVE-2024-7923
04 Sep 2024 — An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain... • https://access.redhat.com/security/cve/CVE-2024-7923 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-7012 – Puppet-foreman: an authentication bypass vulnerability exists in foreman
https://notcve.org/view.php?id=CVE-2024-7012
04 Sep 2024 — An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access. An update is now availab... • https://access.redhat.com/security/cve/CVE-2024-7012 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-4871 – Foreman: host ssh key not being checked in remote execution
https://notcve.org/view.php?id=CVE-2024-4871
14 May 2024 — A vulnerability was found in Satellite. When running a remote execution job on a host, the host's SSH key is not being checked. When the key changes, the Satellite still connects it because it uses "-o StrictHostKeyChecking=no". This flaw can lead to a man-in-the-middle attack (MITM), denial of service, leaking of secrets the remote execution job contains, or other issues that may arise from the attacker's ability to forge an SSH key. This issue does not directly allow unauthorized remote execution on the S... • https://access.redhat.com/security/cve/CVE-2024-4871 • CWE-322: Key Exchange without Entity Authentication •