Fedora Account System
Red Hat Associate
Red Hat Customer
Description A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions and execute actions on the Red Hat Satellite server. The vulnerability stems from how the AuthMiddleware caches application state. Rather than caching response data, the server caches the fully authenticated ForemanApi client connection object in an in-memory dictionary (user_map), keyed by the non secret mcp-session-id. When processing subsequent requests, the middleware improperly treats the presence of this cached object as proof of current authentication failing to re-validate the foreman_token provided in the new request and blindly trusting any payload that includes an active session ID (mcp-session-id). Because the server logs all newly created session IDs at the INFO level (F-32 MCP Server: Insecure Sensitive HTTP Header Sanitization), an attacker can harvest a legitimate user's ID from standard logs. Even though the foreman_token header is required, itβs not evaluated after initialization. Also, the MCP server never terminates the session. It will trust that leaked mcp-session-id forever, or until the server itself is restarted. Impact The attacker achieves arbitrary API invocation capabilities by proxying JSON-RPC requests through the hijacked ForemanApi client instance. Because this cached object automatically injects the victim's valid Bearer authentication token into outgoing HTTP requests, the backend Red Hat Satellite server evaluates all requests against the victim's Role-Based Access Control (RBAC) profile. Successful exploitation leads to Privilege Escalation, granting an unauthenticated attacker the ability to execute Infrastructure-wide Remote Code Execution (RCE), if enabled. Recommendations Update AuthMiddleware to Implement Per-Request Token Validation. Every incoming request must validate the foreman_token, even if a session ID exists. The server must cryptographically verify the request header's token against the associated session's token. Mismatched tokens must result in a 401 Unauthorized rejection, and the session should be invalidated to prevent hijacking. This aligns with MCP security best practices, which mandate that authorization-implementing servers MUST verify all requests and MUST NOT use sessions for authentication.