QSearchQSearch

CVE-2021-3469

5.4 MEDIUM

Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw

Published: 2021-06-03 · Last updated: 2026-06-17

Severity and scoring

CVSS
5.4 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CWE
CWE-863

Affected products

VendorProduct
theforemanforeman

Description

Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternative names (SANs). Foreman do not enable SANs by default and `allow-authorization-extensions` is set to `false` unless user change `/etc/puppetlabs/puppetserver/conf.d/ca.conf` configuration explicitly.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-3457 An improper authorization handling flaw was found in Foreman (6.1 MEDIUM)
  • CVE-2021-3494 A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Midd... (5.9 MEDIUM)
  • CVE-2021-3413 A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0 (6.3 MEDIUM)

Same CWE

  • CVE-2026-53860 OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries... (4.2 MEDIUM)
  • CVE-2026-53855 OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks ... (8.1 HIGH)
  • CVE-2026-53854 OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows sender... (6.5 MEDIUM)
  • CVE-2026-53853 OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowe... (8.3 HIGH)
  • CVE-2026-5149 The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the g... (6.5 MEDIUM)