Foreman is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if the product enables the Puppet Certificate Authority (CA) to sign certificate requests that carry subject alternative names (SANs). Foreman does not enable SANs by default, and `allow-authorization-extensions` is set to `false` unless the user explicitly changes the `/etc/puppetlabs/puppetserver/conf.d/ca.conf` configuration.
Red Hat Satellite is not affected by the flaw because the product requires the Puppet CA as the primary trusted CA, which by default does not sign certificate requests that carry subject alternative names.
To mitigate the flaw, users are advised to set `allow-authorization-extensions` to `false` in the `/etc/puppetlabs/puppetserver/conf.d/ca.conf` configuration file.
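A quick way to confirm the mitigation on a host is to read the effective value of `allow-authorization-extensions` out of `ca.conf`. The POSIX shell script below is an added example, not part of this advisory or of the Foreman or Puppet Server projects; it assumes the `key: value` (HOCON) layout of `ca.conf`, tolerates `#` and `//` comments and `=` separators, and runs against two constructed sample files (one weak, one hardened) instead of a live host's configuration.

```shell
#!/bin/sh
# Report whether a Puppet Server ca.conf enables authorization extensions.
# Prints "enabled" when allow-authorization-extensions is true, otherwise
# "disabled" (an unset key is treated as the documented default, false).
ca_auth_ext_state() {
    conf="$1"
    if [ ! -r "$conf" ]; then
        echo "unreadable"
        return 0
    fi
    # Strip comments, keep the last assignment of the key, normalise the value.
    val=$(sed -e 's/#.*$//' -e 's,//.*$,,' "$conf" \
        | grep -E '^[[:space:]]*allow-authorization-extensions[[:space:]]*[:=]' \
        | tail -n 1 \
        | sed -E 's/^[^:=]*[:=][[:space:]]*//; s/[[:space:],"]*$//; s/^"//' \
        | tr 'A-Z' 'a-z')
    case "$val" in
        true) echo "enabled" ;;
        *)    echo "disabled" ;;
    esac
    return 0
}

# Constructed sample configurations (not taken from any real system).
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
certificate-authority: {
    # weak: CSRs may carry authorization extensions
    allow-authorization-extensions: true
}
EOF

HARDENED_CONF=$(mktemp)
cat > "$HARDENED_CONF" <<'EOF'
certificate-authority: {
    allow-authorization-extensions = false   // mitigation applied
}
EOF

DEFAULT_CONF=$(mktemp)
cat > "$DEFAULT_CONF" <<'EOF'
certificate-authority: {
    // key absent: Puppet Server default (false) applies
}
EOF

echo "weak:     $(ca_auth_ext_state "$WEAK_CONF")"
echo "hardened: $(ca_auth_ext_state "$HARDENED_CONF")"
echo "default:  $(ca_auth_ext_state "$DEFAULT_CONF")"
```

On a real host, run `ca_auth_ext_state /etc/puppetlabs/puppetserver/conf.d/ca.conf`; anything other than `disabled` means the mitigation from this advisory has not been applied and the CA should be reconfigured and restarted.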