CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14335 – foreman: world-readable OMAPI secret through the ISC DHCP server
https://notcve.org/view.php?id=CVE-2020-14335
A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en Red Hat Satellite, que permite a un atacante privilegiado leer los secretos de OMAPI mediante el ISC DHCP de Smart-Proxy. Este fallo permite a un atacante conseguir el control de los registros DHCP de la red. • https://bugzilla.redhat.com/show_bug.cgi?id=1858302 https://access.redhat.com/security/cve/CVE-2020-14335 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3413 – Satellite: Azure compute resource secret_key leak to authenticated users
https://notcve.org/view.php?id=CVE-2021-3413
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en Red Hat Satellite en tfm-rubygem-foreman_azure_rm en versiones anteriores a 2.2.0. Se identificó una filtración de credenciales que expondrá la clave secreta de Azure Resource Manager mediante la salida JSON de la API. • https://bugzilla.redhat.com/show_bug.cgi?id=1930352 https://access.redhat.com/security/cve/CVE-2021-3413 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20256 – Satellite: BMC controller credential leak via API
https://notcve.org/view.php?id=CVE-2021-20256
A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en Red Hat Satellite. La interfaz BMC expone la contraseña mediante la API a un atacante local autenticado con permiso view_hosts. • https://bugzilla.redhat.com/show_bug.cgi?id=1930926 https://access.redhat.com/security/cve/CVE-2021-20256 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14334 – foreman: unauthorized cache read on RPM-based installations through local user
https://notcve.org/view.php?id=CVE-2020-14334
A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance. Se encontró un fallo en Red Hat Satellite versión 6, lo que permite a un atacante privilegiado leer los archivos de la caché. Estas credenciales de la caché podrían ayudar al atacante a conseguir el control completo de la instancia de Satellite A flaw was found in Red Hat Satellite. An attacker could gain access to cache files further allowing access to cached credentials that could help the attacker to gain complete control of the Satellite instance. • https://bugzilla.redhat.com/show_bug.cgi?id=1858284 https://access.redhat.com/security/cve/CVE-2020-14334 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3590
https://notcve.org/view.php?id=CVE-2014-3590
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content. Se descubrió que la implementación de la clase GTNSubjectCreatingInterceptor en gatein-wsrp no era segura para subprocesos o hilos. Para un endpoint WSRP específico, en escenarios de alta concurrencia o escenarios en los que los mensajes SOAP tardan en ser ejecutados, era posible que un atacante remoto no autenticado consiga información privilegiada si WS-Security está habilitado para el consumidor de WSRP, y el endpoint en cuestión está siendo utilizado por un usuario privilegiado. Esto afecta a JBoss Portal versión 6.2.0. • https://access.redhat.com/security/cve/cve-2014-3590 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3590 https://security-tracker.debian.org/tracker/CVE-2014-3590 • CWE-352: Cross-Site Request Forgery (CSRF) •