CVE-2020-14371
https://notcve.org/view.php?id=CVE-2020-14371
A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite. Se ha encontrado una vulnerabilidad de filtrado de credenciales en Red Hat Satellite. Este fallo expone las credenciales de los recursos de computación mediante las VMs que se ejecutan en estos recursos en Satellite • https://bugzilla.redhat.com/show_bug.cgi?id=1873131 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-14335 – foreman: world-readable OMAPI secret through the ISC DHCP server
https://notcve.org/view.php?id=CVE-2020-14335
A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en Red Hat Satellite, que permite a un atacante privilegiado leer los secretos de OMAPI mediante el ISC DHCP de Smart-Proxy. Este fallo permite a un atacante conseguir el control de los registros DHCP de la red. • https://bugzilla.redhat.com/show_bug.cgi?id=1858302 https://access.redhat.com/security/cve/CVE-2020-14335 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-3413 – Satellite: Azure compute resource secret_key leak to authenticated users
https://notcve.org/view.php?id=CVE-2021-3413
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en Red Hat Satellite en tfm-rubygem-foreman_azure_rm en versiones anteriores a 2.2.0. Se identificó una filtración de credenciales que expondrá la clave secreta de Azure Resource Manager mediante la salida JSON de la API. • https://bugzilla.redhat.com/show_bug.cgi?id=1930352 https://access.redhat.com/security/cve/CVE-2021-3413 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-20256 – Satellite: BMC controller credential leak via API
https://notcve.org/view.php?id=CVE-2021-20256
A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en Red Hat Satellite. La interfaz BMC expone la contraseña mediante la API a un atacante local autenticado con permiso view_hosts. • https://bugzilla.redhat.com/show_bug.cgi?id=1930926 https://access.redhat.com/security/cve/CVE-2021-20256 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-14334 – foreman: unauthorized cache read on RPM-based installations through local user
https://notcve.org/view.php?id=CVE-2020-14334
A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance. Se encontró un fallo en Red Hat Satellite versión 6, lo que permite a un atacante privilegiado leer los archivos de la caché. Estas credenciales de la caché podrían ayudar al atacante a conseguir el control completo de la instancia de Satellite A flaw was found in Red Hat Satellite. An attacker could gain access to cache files further allowing access to cached credentials that could help the attacker to gain complete control of the Satellite instance. • https://bugzilla.redhat.com/show_bug.cgi?id=1858284 https://access.redhat.com/security/cve/CVE-2020-14334 • CWE-522: Insufficiently Protected Credentials •