Description
A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner.
References
https://access.redhat.com/security/cve/CVE-2024-12840
https://bugzilla.redhat.com/show_bug.cgi?id=2333494