Evgeni Golov

**Name of the Vulnerable Software and Affected Versions** foreman kubevirt (affected versions not specified) **Description** A security issue exists in foreman kubevirt related to SSL verification when connecting to OpenShift. By default, the system disables SSL verification if a Certificate Authority (CA) certificate is not provided. This configuration allows a remote attacker who can intercept network traffic between Satellite and OpenShift to conduct a Man-in-the-Middle (MITM) attack, potentially leading to the disclosure or alteration of sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** fog-kubevirt (affected versions not specified) **Description** A flaw exists in fog-kubevirt that allows a remote attacker to conduct a Man-in-the-Middle (MITM) attack. This is due to disabled certificate validation, which enables the attacker to intercept and potentially modify sensitive communications between Satellite and OpenShift. This can lead to information disclosure and compromise data integrity. A MITM attack involves an attacker secretly relaying and potentially altering the communication between two parties who believe they are directly communicating with each other. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foreman (affected versions not specified) **Description** A flaw was found in the Foreman project, specifically in the Datacenter plugin, which exposes the password through the API to an authenticated local attacker with view hosts permission. This poses a significant threat to data confidentiality and integrity, as well as system availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foreman (affected versions not specified) **Description** An issue with improper authorization handling was discovered, allowing authenticated local attackers to access and delete limited resources, and causing a denial of service on the server. The primary threats posed by this issue are to system integrity and availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foreman (affected versions not specified) **Description** An improper authorization handling flaw was found, allowing an authenticated local attacker to access and delete limited resources, and also causing a denial of service on the server. The highest threat from this issue is to integrity and system availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 2.3.4 Foreman versions prior to 2.4.0 Description: The issue is related to improper authorization handling. An authenticated attacker can exploit this to impersonate the foreman-proxy if the product is configured to enable the Puppet Certificate Authority (CA) to sign certificate requests with subject alternative names (SANs). By default, Foreman does not enable SANs, and the `allow-authorization-extensions` setting is `false` unless the user explicitly changes the `/etc/puppetlabs/puppetserver/conf.d/ca.conf` configuration. Recommendations: For Foreman versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue. For Foreman versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue. As a temporary workaround, consider disabling the Puppet Certificate Authority (CA) from signing certificate requests with subject alternative names (SANs) by ensuring `allow-authorization-extensions` is set to `false` in the `/etc/puppetlabs/puppetserver/conf.d/ca.conf` configuration.

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 2.5.0 Description: A flaw in the smart proxy of Foreman, which provides a restful API to various sub-systems, can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, allowing an unauthenticated attacker to perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. Recommendations: For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the FreeIPA module of the Foreman smart proxy to minimize the risk of exploitation. Avoid using the smart proxy's restful API for sensitive operations until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Red Hat Satellite tfm-rubygem-foreman azure rm versions prior to 2.2.0 Description: A flaw in Red Hat Satellite's tfm-rubygem-foreman azure rm component can lead to a credential leak, exposing Azure Resource Manager's secret key through JSON in the API output. This issue primarily threatens data confidentiality and integrity, as well as system availability. Recommendations: For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the API output to minimize the risk of credential exposure.

Name of the Vulnerable Software and Affected Versions: Red Hat Satellite (affected versions not specified) Description: A flaw was found in Red Hat Satellite, where the BMC interface exposes the password through the API to an authenticated local attacker with view hosts permission. This poses a significant threat to data confidentiality and integrity, as well as system availability. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** katello-debug versions prior to 3.4.0 **Description** A flaw was found in katello-debug where certain scripts and log files used insecure temporary files, allowing a local user to conduct a symbolic-link attack and overwrite the contents of arbitrary files. **Recommendations** For versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary files used by the scripts and log files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ansible versions prior to 2.3 **Description** The issue is related to input validation in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. **Recommendations** For versions prior to 2.3, update to version 2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Ansible server and limiting the privileges of the Ansible server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mutt versions prior to 1.5.23 **Description** The issue is related to multiple vulnerabilities in the Mutt package of the Debian GNU/Linux operating system, which can lead to disruption of protected information availability. These vulnerabilities can be exploited remotely. A buffer overflow in the copy.c file of Mutt before version 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. **Recommendations** For versions prior to 1.5.23, update to version 1.5.23 or later to resolve the issue. As a temporary workaround, consider restricting access to the `copy.c` file or disabling the address expansion feature in Mutt until a patch is available. Avoid using crafted RFC2047 header lines in the affected Mutt versions to minimize the risk of exploitation.