Project

General

Profile

Bug #25001

CVE-2018-14643 rubygem-smart_proxy_dynflow: Authentication bypass in Foreman remote execution feature

Added by Ivan Necas almost 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Urgent
Assignee:
Category:
-
Target version:
-

Description

We have discovered a critical vulnerability in the Foreman Remote Execution feature, allowing an unauthorized remote attacker to perform arbitrary code execution on managed hosts.

The affected component is Smart Proxy Dynflow, that exposes critical end-points without proper authorization.

The affected version of smart_proxy_dynflow package are 0.1.8 and later (Foreman >= 1.15)

This issue has been introduced as a regression with [1], where adding alternative authorization mechanism for async callback from remote hosts caused the original authorization to by bypassed.

[1] https://github.com/theforeman/smart_proxy_dynflow/commit/cb7b0b5c9b602f737ab4c6e9fb47c158241cf49c#diff-6dee70f4339cfc3dd8cedfc2a34f14c2


Related issues

Related to Smart Proxy - Feature #21605: Make authentication extendableClosed

Associated revisions

Revision 4b5779bc (diff)
Added by Ivan Necas almost 2 years ago

Fixes #25001 - CVE-2018-14643 - ensure auth (#54)

History

#1 Updated by The Foreman Bot almost 2 years ago

  • Assignee set to Ivan Necas
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/smart_proxy_dynflow/pull/54 added

#2 Updated by Ivan Necas almost 2 years ago

  • Status changed from Ready For Testing to Closed

#3 Updated by Ivan Necas almost 2 years ago

  • Subject changed from CVE-2018-14643 rubygem-smart_proxy_dynflow: Authentication bypass in Foreman remote execution feature to CVE-2018-14643 rubygem-smart_proxy_dynflow: Authentication bypass in Foreman remote execution feature
  • Fixed in Releases smart_proxy_dynflow-0.1.11 (Foreman 1.15), smart_proxy_dynflow-0.2.1 (Foreman 1.18) added

#4 Updated by Ivan Necas over 1 year ago

Also available in: Atom PDF