Red Hat Foreman OpenSCAP Plugin Privilege Escalation via Client Certs (CVE-2021-20290)

Key Information Vulnerability Details Bug ID: Bug 1939701 (CVE-2021-20290) Vulnerability Name: smart_proxy_openscap: Clients can perform reserved actions on Foreman Server through OpenSCAP plugin for smart-proxy Status: NEW Priority: medium Severity: medium Reported Time: 2021-03-16 20:50 UTC Last Modified: 2023-07-07 08:28 UTC Affected Scope Product: Security Response Component: vulnerability Version: unspecified Hardware: All Operating System: Linux Vulnerability Description In Foreman, the OpenSCAP plugin for smart-proxy introduces a vulnerability that allows any client to perform operations on the Foreman server. If client systems have installed certificates issued by Puppet CA or Foreman’s consumer certificate, and signed by Katello CA, attackers can exploit these client certificates to access the OpenSCAP API and execute actions reserved exclusively for the Foreman server. Mitigation Measures To mitigate this vulnerability, the smart_proxy_openscap plugin must be disabled on the server. This can be done by editing and restarting the service, or by running the command . Statement The smart_proxy_openscap plugin used in Red Hat Satellite 6 is affected by this vulnerability. This vulnerability poses the greatest threat to system integrity and availability. Related Links Upstream Patch: https://github.com/theforeman/smart_proxy_openscap/pull/80 (Pending review)

Goal Reached Thanks to every supporter — we hit 100%!

Red Hat Foreman OpenSCAP Plugin Privilege Escalation via Client Certs (CVE-2021-20290)