CVE-2021-3469
Last modified
CVE-2021-3469 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternative names (SANs). EPSS estimates a 0.33% chance of exploitation in the next 30 days.
Description
Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternative names (SANs). Foreman do not enable SANs by default and `allow-authorization-extensions` is set to `false` unless user change `/etc/puppetlabs/puppetserver/conf.d/ca.conf` configuration explicitly.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Theforeman | Foreman | < 2.3.4 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1943630Issue Tracking, Mitigation, Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1943630Issue Tracking, Mitigation, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-3469?
How severe is CVE-2021-3469?
How do I fix CVE-2021-3469?
Are you affected by CVE-2021-3469?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST