An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. The issue arises because Apache's mod_proxy does not properly unset headers, owing to restrictions on underscores in HTTP header names, which allows authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) that use Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version
---|---|---|---
Satellite | Red Hat | 6.13 (including) | 6.13 (including)
Satellite | Red Hat | 6.14 (including) | 6.14 (including)
Satellite | Red Hat | 6.15 (including) | 6.15 (including)
Red Hat Satellite 6.13 for RHEL 8 | Red Hat | foreman-installer-1:3.5.2.8-1.el8sat | *
Red Hat Satellite 6.14 for RHEL 8 | Red Hat | foreman-installer-1:3.7.0.8-1.el8sat | *
Red Hat Satellite 6.15 for RHEL 8 | Red Hat | foreman-installer-1:3.9.3.4-1.el8sat | *
Red Hat Satellite 6.16 for RHEL 8 | Red Hat | foreman-installer-1:3.12.0.1-1.el8sat | *
Red Hat Satellite 6.16 for RHEL 9 | Red Hat | foreman-installer-1:3.12.0.1-1.el9sat | *