CVE-2021-3469

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 2.3.4 Foreman versions prior to 2.4.0

Description: The issue is related to improper authorization handling. An authenticated attacker can exploit this to impersonate the foreman-proxy if the product is configured to enable the Puppet Certificate Authority (CA) to sign certificate requests with subject alternative names (SANs). By default, Foreman does not enable SANs, and the allow-authorization-extensions setting is false unless the user explicitly changes the /etc/puppetlabs/puppetserver/conf.d/ca.conf configuration.

Recommendations: For Foreman versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue. For Foreman versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue. As a temporary workaround, consider disabling the Puppet Certificate Authority (CA) from signing certificate requests with subject alternative names (SANs) by ensuring allow-authorization-extensions is set to false in the /etc/puppetlabs/puppetserver/conf.d/ca.conf configuration.