Unrated severityNVD Advisory· Published Sep 4, 2024· Updated Nov 11, 2025

Puppet-foreman: an authentication bypass vulnerability exists in foreman

CVE-2024-7012

Description

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Theforeman/Puppet Foremaninferred
Theforeman/Foremanllm-fuzzy

Patches

Vulnerability mechanics

References

access.redhat.com/errata/RHSA-2024:6335mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:6336mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:6337mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:8906mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/security/cve/CVE-2024-7012mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000