Actions
Bug #37787
closedCVE-2024-7923: Authentication bypass in Pulpcore
Fixed in Releases:
Found in Releases:
Description
An authentication bypass vulnerability has been identified in Pulpcore when deployed by the Foreman Installer with Gunicorn versions prior to 22.0.
This issue arises from the way Apache is configured to do certificate authentication and pass this information to the Gunicorn backend, without unsetting all headers coming from a possibly malicious client.
Actions