Main Vulnerability Database SB2024092064

SB2024092064 - Multiple vulnerabilities in Red Hat Satellite 6.15.3

Published: September 20, 2024

Security Bulletin ID SB2024092064

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper Authentication (CVE-ID: CVE-2024-7012)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the puppet-foreman configuration when deployed with External Authentication. A remote attacker can send a specially crafted HTTP request to bypass authentication process and gain administrative access to the application.

2) Improper Authentication (CVE-ID: CVE-2024-7923)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the puppet-pulpcore configuration when deployed with Gunicorn versions prior to 22.0. A remote attacker can send a specially crafted HTTP request to bypass authentication process and gain administrative access to the application.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2024:6335