Multiple vulnerabilities in Red Hat Satellite 6.16

Published: 2025-03-24

Risk	Medium
Patch available	YES
Number of vulnerabilities	3
CVE-ID	CVE-2024-56326 CVE-2024-56374 CVE-2024-35195
CWE-ID	CWE-254 CWE-20
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Red Hat Satellite Server applications / Other server solutions Red Hat Enterprise Linux for x86_64 Operating systems & Components / Operating system scap-security-guide-satellite (Red Hat package) Operating systems & Components / Operating system package or component satellite (Red Hat package) Operating systems & Components / Operating system package or component rubygem-katello (Red Hat package) Operating systems & Components / Operating system package or component rubygem-foreman_theme_satellite (Red Hat package) Operating systems & Components / Operating system package or component rubygem-foreman_remote_execution (Red Hat package) Operating systems & Components / Operating system package or component rubygem-foreman_openscap (Red Hat package) Operating systems & Components / Operating system package or component rubygem-foreman_maintain (Red Hat package) Operating systems & Components / Operating system package or component rubygem-foreman_ansible (Red Hat package) Operating systems & Components / Operating system package or component python-requests (Red Hat package) Operating systems & Components / Operating system package or component python-pulpcore (Red Hat package) Operating systems & Components / Operating system package or component python-pulp-glue (Red Hat package) Operating systems & Components / Operating system package or component python-pulp-container (Red Hat package) Operating systems & Components / Operating system package or component python-pulp-cli (Red Hat package) Operating systems & Components / Operating system package or component python-jinja2 (Red Hat package) Operating systems & Components / Operating system package or component python-django (Red Hat package) Operating systems & Components / Operating system package or component foreman-installer (Red Hat package) Operating systems & Components / Operating system package or component foreman (Red Hat package) Operating systems & Components / Operating system package or component candlepin (Red Hat package) Operating systems & Components / Operating system package or component
Vendor	Red Hat Inc.

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Security features bypass

EUVDB-ID: #VU101972

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56326

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local user to bypass sandbox restrictions.

The vulnerability exists in the way the Jinja sandboxed environment detects calls to str.format. A local user with the ability to control the contents of a template can bypass sandbox restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Satellite: 6.16.0 - 6.16.2

Red Hat Enterprise Linux for x86_64: 8.0 - 9

scap-security-guide-satellite (Red Hat package): before 1.0.0-1.el8sat

satellite (Red Hat package): before 6.16.3-2.el8sat

rubygem-katello (Red Hat package): before 4.14.0.8-1.el8sat

rubygem-foreman_theme_satellite (Red Hat package): before 13.3.5-1.el8sat

rubygem-foreman_remote_execution (Red Hat package): before 13.2.7-1.el8sat

rubygem-foreman_openscap (Red Hat package): before 9.0.5-1.el8sat

rubygem-foreman_maintain (Red Hat package): before 1.7.12-1.el8sat

rubygem-foreman_ansible (Red Hat package): before 14.2.3-1.el8sat

python-requests (Red Hat package): before 2.32.3-2.el8pc

python-pulpcore (Red Hat package): before 3.49.33-1.el8pc

python-pulp-glue (Red Hat package): before 0.29.2-2.el8pc

python-pulp-container (Red Hat package): before 2.20.5-1.el8pc

python-pulp-cli (Red Hat package): before 0.29.2-2.el8pc

python-jinja2 (Red Hat package): before 3.1.5-1.el8pc

python-django (Red Hat package): before 4.2.19-1.el8pc

foreman-installer (Red Hat package): before 3.12.0.4-2.el8sat

foreman (Red Hat package): before 3.12.0.6-1.el8sat

candlepin (Red Hat package): before 4.4.21-1.el8sat

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2025:2399

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU103000

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-56374

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due lack of upper-bound limit enforcement in strings passed when performing IPv6 validation in clean_ipv6_address() and is_valid_ipv6_address() functions. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Satellite: 6.16.0 - 6.16.2

Red Hat Enterprise Linux for x86_64: 8.0 - 9

scap-security-guide-satellite (Red Hat package): before 1.0.0-1.el8sat

satellite (Red Hat package): before 6.16.3-2.el8sat

rubygem-katello (Red Hat package): before 4.14.0.8-1.el8sat

rubygem-foreman_theme_satellite (Red Hat package): before 13.3.5-1.el8sat

rubygem-foreman_remote_execution (Red Hat package): before 13.2.7-1.el8sat

rubygem-foreman_openscap (Red Hat package): before 9.0.5-1.el8sat

rubygem-foreman_maintain (Red Hat package): before 1.7.12-1.el8sat

rubygem-foreman_ansible (Red Hat package): before 14.2.3-1.el8sat

python-requests (Red Hat package): before 2.32.3-2.el8pc

python-pulpcore (Red Hat package): before 3.49.33-1.el8pc

python-pulp-glue (Red Hat package): before 0.29.2-2.el8pc

python-pulp-container (Red Hat package): before 2.20.5-1.el8pc

python-pulp-cli (Red Hat package): before 0.29.2-2.el8pc

python-jinja2 (Red Hat package): before 3.1.5-1.el8pc

python-django (Red Hat package): before 4.2.19-1.el8pc

foreman-installer (Red Hat package): before 3.12.0.4-2.el8sat

foreman (Red Hat package): before 3.12.0.6-1.el8sat

candlepin (Red Hat package): before 4.4.21-1.el8sat

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2025:2399

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security features bypass

EUVDB-ID: #VU90156

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35195

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the session object does not verify requests after making first request with verify=False. A local administrator can bypass authentication.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Satellite: 6.16.0 - 6.16.2

Red Hat Enterprise Linux for x86_64: 8.0 - 9

scap-security-guide-satellite (Red Hat package): before 1.0.0-1.el8sat

satellite (Red Hat package): before 6.16.3-2.el8sat

rubygem-katello (Red Hat package): before 4.14.0.8-1.el8sat

rubygem-foreman_theme_satellite (Red Hat package): before 13.3.5-1.el8sat

rubygem-foreman_remote_execution (Red Hat package): before 13.2.7-1.el8sat

rubygem-foreman_openscap (Red Hat package): before 9.0.5-1.el8sat

rubygem-foreman_maintain (Red Hat package): before 1.7.12-1.el8sat

rubygem-foreman_ansible (Red Hat package): before 14.2.3-1.el8sat

python-requests (Red Hat package): before 2.32.3-2.el8pc

python-pulpcore (Red Hat package): before 3.49.33-1.el8pc

python-pulp-glue (Red Hat package): before 0.29.2-2.el8pc

python-pulp-container (Red Hat package): before 2.20.5-1.el8pc

python-pulp-cli (Red Hat package): before 0.29.2-2.el8pc

python-jinja2 (Red Hat package): before 3.1.5-1.el8pc

python-django (Red Hat package): before 4.2.19-1.el8pc

foreman-installer (Red Hat package): before 3.12.0.4-2.el8sat

foreman (Red Hat package): before 3.12.0.6-1.el8sat

candlepin (Red Hat package): before 4.4.21-1.el8sat

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2025:2399

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.