HomePentest-Tools.com Logo

Foreman < 2.3.4 Improper Authorization Vulnerability CVE-2021-3469

Severity
CVSSv3 Score
5.4
Vulnerability description

Foreman is prone to an improper authorization handling flaw.

Risk description

The SmartProxyAuth of the Foreman allows controllers to authenticate certain requests based on the client certificate. As Puppet CA will consider subject alternative names (SANs) from a certificate along with Common name (CN), Puppet CA will sign the certificate with SANs pointing at DNS names of the already existing certificate. An authenticated attacker can obtain a new certificate by crafting a Certificate Signing Request (CSR) made up with CN & SSNs and will then be able to impersonate the foreman-proxy to accept the request.

Recommendation

Update to version 2.3.4 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jun 3, 2021
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available