{"id":"CVE-2021-3469","details":"Foreman versions before 2.3.4 and before 2.4.0 are affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if the product enables the Puppet Certificate Authority (CA) to sign certificate requests that have subject alternative names (SANs). Foreman does not enable SANs by default, and `allow-authorization-extensions` is set to `false` unless the user explicitly changes the `/etc/puppetlabs/puppetserver/conf.d/ca.conf` configuration.","modified":"2026-04-10T04:34:44.644675Z","published":"2021-06-03T20:15:08.617Z","references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1943630"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/theforeman/smart-proxy","events":[{"introduced":"0"},{"fixed":"a092d524737f25fe607febd4f2950923eb6c0f09"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.3.4"}]}}],"versions":["0.1","0.2","0.2rc2","0.3","1.0","1.0RC1","1.0RC2","1.1","1.1RC1","1.1RC2","1.1RC3","2.3.0","2.3.0-rc1","2.3.0-rc2","2.3.1","2.3.2","2.3.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3469.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}]}