Red Hat Satellite update for gRPC
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-11407 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Red Hat Enterprise Linux for x86_64 Operating systems & Components / Operating system satellite (Red Hat package) Operating systems & Components / Operating system package or component rubygem-katello (Red Hat package) Operating systems & Components / Operating system package or component rubygem-foreman_theme_satellite (Red Hat package) Operating systems & Components / Operating system package or component rubygem-foreman_maintain (Red Hat package) Operating systems & Components / Operating system package or component rubygem-foreman_leapp (Red Hat package) Operating systems & Components / Operating system package or component python-wcmatch (Red Hat package) Operating systems & Components / Operating system package or component python-tenacity (Red Hat package) Operating systems & Components / Operating system package or component python-ruamel-yaml-clib (Red Hat package) Operating systems & Components / Operating system package or component python-ruamel-yaml (Red Hat package) Operating systems & Components / Operating system package or component python-rich (Red Hat package) Operating systems & Components / Operating system package or component python-grpcio (Red Hat package) Operating systems & Components / Operating system package or component python-galaxy-importer (Red Hat package) Operating systems & Components / Operating system package or component python-enrich (Red Hat package) Operating systems & Components / Operating system package or component python-dataclasses (Red Hat package) Operating systems & Components / Operating system package or component python-commonmark (Red Hat package) Operating systems & Components / Operating system package or component python-colorama (Red Hat package) Operating systems & Components / Operating system package or component python-bracex (Red Hat package) Operating systems & Components / Operating system package or component foreman-installer (Red Hat package) Operating systems & Components / Operating system package or component foreman (Red Hat package) Operating systems & Components / Operating system package or component ansible-lint (Red Hat package) Operating systems & Components / Operating system package or component |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Input validation error
EUVDB-ID: #VU101889
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-11407
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64: 8.0 - 9
satellite (Red Hat package): before 6.16.2-1.el8sat
rubygem-katello (Red Hat package): before 4.14.0.6-1.el8sat
rubygem-foreman_theme_satellite (Red Hat package): before 13.3.3-1.el8sat
rubygem-foreman_maintain (Red Hat package): before 1.7.11-1.el8sat
rubygem-foreman_leapp (Red Hat package): before 1.2.3-1.el8sat
python-wcmatch (Red Hat package): before 8.3-5.el9pc
python-tenacity (Red Hat package): before 7.0.0-5.el9pc
python-ruamel-yaml-clib (Red Hat package): before 0.2.7-4.el9pc
python-ruamel-yaml (Red Hat package): before 0.17.21-5.el9pc
python-rich (Red Hat package): before 13.3.1-7.el9pc
python-grpcio (Red Hat package): before 1.68.1-1.el8pc
python-galaxy-importer (Red Hat package): before 0.4.19-3.el8pc
python-enrich (Red Hat package): before 1.2.6-7.el9pc
python-dataclasses (Red Hat package): before 0.8-7.el9pc
python-commonmark (Red Hat package): before 0.9.1-9.el9pc
python-colorama (Red Hat package): before 0.4.4-7.el9pc
python-bracex (Red Hat package): before 2.2.1-6.el9pc
foreman-installer (Red Hat package): before 3.12.0.4-1.el8sat
foreman (Red Hat package): before 3.12.0.2-1.el8sat
ansible-lint (Red Hat package): before 5.4.0-1.el9pc
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:9:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:satellite_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:rubygem-katello_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:rubygem-foreman_theme_satellite_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:rubygem-foreman_maintain_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:rubygem-foreman_leapp_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-wcmatch_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-tenacity_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-ruamel-yaml-clib_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-ruamel-yaml_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-rich_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-grpcio_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-galaxy-importer_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-enrich_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-dataclasses_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-commonmark_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-colorama_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-bracex_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:foreman-installer_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:foreman_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:ansible-lint_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2025:1019
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
