Bug 2310406 (CVE-2024-8509) - CVE-2024-8509 Migration Toolkit for Virtualization: forklift-controller: Empty bearer token may perform authentication
Summary: CVE-2024-8509 Migration Toolkit for Virtualization: forklift-controller: Empt...
Keywords:
Status: VERIFIED
Alias: CVE-2024-8509
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2024-09-06 12:56 UTC by OSIDB Bzimport
Modified: 2024-09-09 12:47 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:6487 0 None None None 2024-09-09 10:39:34 UTC

Description OSIDB Bzimport 2024-09-06 12:56:56 UTC
A security vulnerability was identified against the API. No verification is being performed against the Authorization header except ensuring that it uses bearer authentication. For example, a malicious user can make a query against the API with a random string bearer token as shown below:

curl -vvvkL -H "Authorization: Bearer foobar" "https://<forklift_inventory_route_hostname>/providers"

Without an Authorization header and some form of Bearer token, a 401 is produced. However, the mere presence of a token value provides a 200 response with the requested information.
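Added illustration, not forklift-controller's code: a Go sketch of the scheme-only check the description implies, beside a hardened check that rejects empty tokens and requires a verifier to accept the value. The in-memory token store, verifyToken and the /providers path are assumptions standing in for a real verifier such as a Kubernetes TokenReview call.

```go
package main

import (
	"net/http"
	"net/http/httptest"
	"strings"
)

// validTokens is a constructed stand-in for a real token verifier such as a
// Kubernetes TokenReview call; it is not forklift-controller code.
var validTokens = map[string]bool{"s3cr3t-demo-token": true}

// verifyToken reports whether a presented token is non-empty and known.
func verifyToken(token string) bool {
	return token != "" && validTokens[token]
}

// vulnerableAuth mirrors the flaw described above: it checks only that the
// Authorization header uses the Bearer scheme, never the token value, so
// "Bearer foobar" and even a bare "Bearer " are accepted.
func vulnerableAuth(r *http.Request) int {
	if !strings.HasPrefix(r.Header.Get("Authorization"), "Bearer ") {
		return http.StatusUnauthorized
	}
	return http.StatusOK
}

// fixedAuth splits scheme and token, rejects an empty or whitespace-only
// token, and grants access only when the verifier accepts the token.
func fixedAuth(r *http.Request) int {
	scheme, token, found := strings.Cut(r.Header.Get("Authorization"), " ")
	if !found || !strings.EqualFold(scheme, "Bearer") {
		return http.StatusUnauthorized
	}
	if !verifyToken(strings.TrimSpace(token)) {
		return http.StatusUnauthorized
	}
	return http.StatusOK
}

// status builds a GET /providers request carrying the given Authorization
// value (none when empty) and returns the status the check would answer.
func status(check func(*http.Request) int, authHeader string) int {
	r := httptest.NewRequest(http.MethodGet, "/providers", nil)
	if authHeader != "" {
		r.Header.Set("Authorization", authHeader)
	}
	return check(r)
}
```

A regression test asserting that "Bearer " and "Bearer foobar" both yield 401 is the cheapest way to keep the fixed behaviour from silently reverting.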

Comment 1 Fabian Deutsch 2024-09-09 09:43:23 UTC
Moving to verified according to MTV-1422

Comment 2 errata-xmlrpc 2024-09-09 10:39:33 UTC
This issue has been addressed in the following products:

  Migration Toolkit for Virtualization 2.6

Via RHSA-2024:6487 https://access.redhat.com/errata/RHSA-2024:6487

