Red Hat Satellite and Foreman GraphQL API Authorization Bypass Vulnerability

Vulnerability

An authorization flaw has been identified in Foreman's GraphQL API that allows low-privileged users to read metadata beyond their assigned permissions. The vulnerability is present in Red Hat Satellite versions 6.15, 6.16, 6.17, and 6.18, on both RHEL 8 and RHEL 9. Unlike the REST API, which enforces access controls correctly, the GraphQL endpoint does not apply adequate filtering to the data it returns, resulting in an authorization bypass.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive information, allowing users to view data they should not have access to.

Reproduction

To reproduce this vulnerability, send a request to the GraphQL API endpoint as a user who lacks the permissions required for the requested data. The response includes metadata that exceeds the user's authorized access, demonstrating that the GraphQL API does not apply the authorization checks that the REST API applies.

Remediation

Users are advised to upgrade to Red Hat Satellite versions 6.17.0, 6.18.1, or 6.16.5.6, all of which include the necessary fix for this vulnerability.
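As an added example that is not part of this advisory, the following Python helper compares an installed Satellite version against the fixed releases listed above (6.16.5.6, 6.17.0, 6.18.1) so that an administrator can tell whether a given host still needs the upgrade. The version string is assumed to come from something like the output of rpm -q satellite; the exact output format is an assumption, so the parser simply extracts the first dotted numeric version it finds.

```python
"""Classify a Red Hat Satellite version against this advisory's fixed releases.

Added example, not code from Red Hat or the Foreman project. The fixed
releases and affected branches below are taken from the advisory text.
"""
import re
from typing import Dict, Set, Tuple

# Minimum fixed release per affected branch, as stated in the advisory.
# 6.15 is listed as affected but no fixed 6.15 release is given, so any
# 6.15.x installation is reported as needing an upgrade to a fixed branch.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (6, 16): (6, 16, 5, 6),
    (6, 17): (6, 17, 0),
    (6, 18): (6, 18, 1),
}
AFFECTED_BRANCHES: Set[Tuple[int, int]] = {(6, 15), (6, 16), (6, 17), (6, 18)}

# Matches the first dotted numeric version, e.g. "6.16.5.6" inside a
# hypothetical rpm-style string such as "satellite-6.16.5.6-1.el9sat.noarch".
_VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract a version such as '6.16.5.6' from text and return it as ints."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def assess(version_text: str) -> str:
    """Return 'fixed', 'needs_upgrade', or 'not_listed' for a version string.

    'not_listed' means the branch is not named in the advisory at all; it is
    not a statement that such a version is safe.
    """
    version = parse_version(version_text)
    branch = version[:2]
    if branch not in AFFECTED_BRANCHES:
        return "not_listed"
    fixed = FIXED_BY_BRANCH.get(branch)
    # Tuple comparison handles differing lengths: (6, 16, 5) < (6, 16, 5, 6).
    if fixed is not None and version >= fixed:
        return "fixed"
    return "needs_upgrade"


if __name__ == "__main__":
    # Constructed sample inputs; replace with the real rpm -q satellite output.
    for sample in ("6.16.5.6", "6.16.5", "6.18.0", "6.15.3", "6.14.2"):
        print(f"{sample}: {assess(sample)}")
```

The branch lookup is what makes this more than a plain version comparison: 6.18.0 is below 6.18.1 and is reported as needing an upgrade, while 6.16.5.6 is reported as fixed even though 6.16 is numerically lower, because each branch has its own fixed release.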

Added: Feb 27, 2026, 8:28 AM
Updated: Feb 27, 2026, 2:45 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 3.3
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.