CVE & CISA-KEV Catalog

CVE-2024-4871

Severity: MEDIUM (CVSS v3 base score 6.8, source: NVD)

Description

A vulnerability was found in Satellite. When running a remote execution job on a host, the host's SSH key is not checked: when the key changes, Satellite still connects to the host because it invokes SSH with "-o StrictHostKeyChecking=no". This flaw can lead to a man-in-the-middle (MITM) attack, denial of service, leaking of secrets contained in the remote execution job, or other issues arising from an attacker's ability to forge an SSH host key. This issue does not directly allow unauthorized remote execution on the Satellite, although the secrets it can leak may lead to it.

How to fix

Remediation Available
All fixed builds below ship in advisory RHBA-2024:4589. For every package the same fixed build applies to both distributions listed (Red Hat / RHEL and Rocky).

Package                                     Fixed in
candlepin                                   0:4.3.14-1.el8sat
candlepin-selinux                           0:4.3.14-1.el8sat
foreman                                     0:3.9.1.8-1.el8sat
foreman-cli                                 0:3.9.1.8-1.el8sat
foreman-debug                               0:3.9.1.8-1.el8sat
foreman-dynflow-sidekiq                     0:3.9.1.8-1.el8sat
foreman-ec2                                 0:3.9.1.8-1.el8sat
foreman-installer                           1:3.9.3.2-1.el8sat
foreman-installer-katello                   1:3.9.3.2-1.el8sat
foreman-journald                            0:3.9.1.8-1.el8sat
foreman-libvirt                             0:3.9.1.8-1.el8sat
foreman-openstack                           0:3.9.1.8-1.el8sat
foreman-ovirt                               0:3.9.1.8-1.el8sat
foreman-pcp                                 0:3.9.1.8-1.el8sat
foreman-postgresql                          0:3.9.1.8-1.el8sat
foreman-redis                               0:3.9.1.8-1.el8sat
foreman-service                             0:3.9.1.8-1.el8sat
foreman-telemetry                           0:3.9.1.8-1.el8sat
foreman-vmware                              0:3.9.1.8-1.el8sat
python-pulp-container                       0:2.16.9-1.el8pc
python-pulpcore                             0:3.39.15-1.el8pc
python3.11-pulp-container                   0:2.16.9-1.el8pc
python3.11-pulpcore                         0:3.39.15-1.el8pc
rubygem-dynflow                             0:1.8.3-1.el8sat
rubygem-foreman_ansible                     0:13.0.6-1.el8sat
rubygem-foreman_remote_execution            0:12.0.7-1.el8sat
rubygem-foreman_remote_execution-cockpit    0:12.0.7-1.el8sat
rubygem-katello                             0:4.11.0.15-1.el8sat
rubygem-smart_proxy_container_gateway       0:3.0.0-1.el8sat
rubygem-smart_proxy_remote_execution_ssh    0:0.10.6-1.el8sat
satellite                                   0:6.15.2-1.el8sat
satellite-capsule                           0:6.15.2-1.el8sat
satellite-cli                               0:6.15.2-1.el8sat
satellite-common                            0:6.15.2-1.el8sat

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Impact

Confidentiality: High
Integrity: High
Availability: None

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploit Intelligence

EPSS: 0.61% probability of exploitation within 30 days (45th percentile)

Moderate risk: more likely to be exploited than 45% of all known CVEs.


This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.