Bug #25001
CVE-2018-14643 rubygem-smart_proxy_dynflow: Authentication bypass in Foreman remote execution feature
Difficulty:
Triaged: No
Bugzilla link:
Fixed in Releases:
Found in Releases:
Description
We have discovered a critical vulnerability in the Foreman Remote Execution feature, allowing an unauthorized remote attacker to perform arbitrary code execution on managed hosts.
The affected component is Smart Proxy Dynflow, which exposes critical endpoints without proper authorization.
The affected versions of the smart_proxy_dynflow package are 0.1.8 and later (Foreman >= 1.15).
This issue was introduced as a regression with [1], where adding an alternative authorization mechanism for async callbacks from remote hosts caused the original authorization to be bypassed.
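The following Ruby snippet is an added, hypothetical illustration of the regression class described above (an alternative authorization path wired in such that the original check no longer runs) beside a deny-by-default composition, with a regression check a reviewer can run against either policy. It is not smart_proxy_dynflow's code; the `Request` struct, the `/callback` path, the sample token and the policy names are all constructed here.

```ruby
# Hypothetical illustration of composing two authorization mechanisms.
# Not smart_proxy_dynflow's code: Request, CALLBACK_PATH, CALLBACK_TOKEN and
# both policies are constructed for this example.

# A request as seen by the authorization layer: did the TLS layer verify a
# client certificate, and did the request carry a callback token?
Request = Struct.new(:path, :client_cert_valid, :callback_token, keyword_init: true)

CALLBACK_PATH  = '/callback'                 # hypothetical callback endpoint
CALLBACK_TOKEN = 'constructed-sample-token'  # constructed sample; real tokens are random per task

# Constant-time comparison so the token check does not leak through timing.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Regressed composition: the alternative (token) mechanism sits in front of the
# original one and is written as "if this is not a token request, let it
# through", which silently disables the certificate check for every request.
def authorized_regressed?(req)
  return true if req.callback_token.nil?     # BUG: absence of a credential is not a credential
  secure_equal?(req.callback_token, CALLBACK_TOKEN)
end

# Corrected composition: deny by default, each mechanism can only grant, and the
# alternative mechanism is scoped to the single endpoint it was added for.
def authorized_fixed?(req)
  return true if req.client_cert_valid
  return true if req.path == CALLBACK_PATH && secure_equal?(req.callback_token, CALLBACK_TOKEN)
  false
end

# Regression check: every constructed request below lacks a valid credential
# for the endpoint it targets, so a correct policy rejects all of them.
# Returns the paths the policy wrongly allows; an empty array means it passes.
def unauthenticated_requests_allowed(policy)
  samples = [
    Request.new(path: '/tasks',        client_cert_valid: false, callback_token: nil),
    Request.new(path: '/tasks/run',    client_cert_valid: false, callback_token: nil),
    Request.new(path: CALLBACK_PATH,   client_cert_valid: false, callback_token: 'wrong'),
    # valid callback token presented against a non-callback endpoint
    Request.new(path: '/tasks/cancel', client_cert_valid: false, callback_token: CALLBACK_TOKEN),
  ]
  samples.select { |r| send(policy, r) }.map(&:path)
end

if __FILE__ == $PROGRAM_NAME
  puts "regressed policy allows: #{unauthenticated_requests_allowed(:authorized_regressed?).inspect}"
  puts "fixed policy allows:     #{unauthenticated_requests_allowed(:authorized_fixed?).inspect}"
end
```

The point of the check is that it exercises every endpoint, not only the one the new mechanism was written for: a composition bug of this kind is invisible to tests that only cover the callback path, and shows up as soon as an ordinary endpoint is requested with no credential at all.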
Related issues
Associated revisions
History
#1
Updated by The Foreman Bot over 4 years ago
- Assignee set to Ivan Necas
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/smart_proxy_dynflow/pull/54 added
#2
Updated by Ivan Necas over 4 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman_proxy_dynflow|4b5779bc11e8f0b92649e4de062335698114689c.
#3
Updated by Ivan Necas over 4 years ago
- Subject changed from CVE-2018-14643 rubygem-smart_proxy_dynflow: Authentication bypass in Foreman remote execution feature to CVE-2018-14643 rubygem-smart_proxy_dynflow: Authentication bypass in Foreman remote execution feature
- Fixed in Releases smart_proxy_dynflow-0.1.11 (Foreman 1.15), smart_proxy_dynflow-0.2.1 (Foreman 1.18) added
#4
Updated by Ivan Necas about 4 years ago
- Related to Feature #21605: Make authentication extendable added
Fixes #25001 - CVE-2018-14643 - ensure auth (#54)