CVE-2020-10716 – rubygem-foreman_ansible: "User input" entry from Job Invocation may contain sensitive data

https://notcve.org/view.php?id=CVE-2020-10716

A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitive data. This flaw affects tfm-rubygem-foreman_ansible versions before 4.0.3.4. Se encontró un fallo en Job Invocation de Red Hat Satellite, donde la entrada "User Input" no estaba restringida apropiadamente a la visualización. Este fallo permite a un usuario de Satellite malicioso escanear por medio del Job Invocation, con la capacidad de buscar contraseñas y otros datos confidenciales. • https://bugzilla.redhat.com/show_bug.cgi?id=1814998 https://bugzilla.redhat.com/show_bug.cgi?id=1827300 https://access.redhat.com/security/cve/CVE-2020-10716 • CWE-285: Improper Authorization •