CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-10716 – rubygem-foreman_ansible: "User input" entry from Job Invocation may contain sensitive data
https://notcve.org/view.php?id=CVE-2020-10716
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitive data. This flaw affects tfm-rubygem-foreman_ansible versions before 4.0.3.4. Se encontró un fallo en Job Invocation de Red Hat Satellite, donde la entrada "User Input" no estaba restringida apropiadamente a la visualización. Este fallo permite a un usuario de Satellite malicioso escanear por medio del Job Invocation, con la capacidad de buscar contraseñas y otros datos confidenciales. • https://bugzilla.redhat.com/show_bug.cgi?id=1814998 https://bugzilla.redhat.com/show_bug.cgi?id=1827300 https://access.redhat.com/security/cve/CVE-2020-10716 • CWE-285: Improper Authorization •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14335 – foreman: world-readable OMAPI secret through the ISC DHCP server
https://notcve.org/view.php?id=CVE-2020-14335
A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en Red Hat Satellite, que permite a un atacante privilegiado leer los secretos de OMAPI mediante el ISC DHCP de Smart-Proxy. Este fallo permite a un atacante conseguir el control de los registros DHCP de la red. • https://bugzilla.redhat.com/show_bug.cgi?id=1858302 https://access.redhat.com/security/cve/CVE-2020-14335 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3413 – Satellite: Azure compute resource secret_key leak to authenticated users
https://notcve.org/view.php?id=CVE-2021-3413
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en Red Hat Satellite en tfm-rubygem-foreman_azure_rm en versiones anteriores a 2.2.0. Se identificó una filtración de credenciales que expondrá la clave secreta de Azure Resource Manager mediante la salida JSON de la API. • https://bugzilla.redhat.com/show_bug.cgi?id=1930352 https://access.redhat.com/security/cve/CVE-2021-3413 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20256 – Satellite: BMC controller credential leak via API
https://notcve.org/view.php?id=CVE-2021-20256
A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en Red Hat Satellite. La interfaz BMC expone la contraseña mediante la API a un atacante local autenticado con permiso view_hosts. • https://bugzilla.redhat.com/show_bug.cgi?id=1930926 https://access.redhat.com/security/cve/CVE-2021-20256 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14380 – Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover
https://notcve.org/view.php?id=CVE-2020-14380
An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite. Se ha encontrado un fallo de toma de posesión de cuentas en Red Hat Satellite versiones 6.7.2 en adelante. Un potencial atacante con la autenticación apropiada a la fuente de autenticación externa relevante (SSO u Open ID) puede reclamar los privilegios de los usuarios locales ya existentes de Satellite Red Hat Satellite's external authentication component is vulnerable to a full account takeover flaw. This flaw allows an attacker with an authenticated account on Single sign-on (SSO) to gain elevated privileges of existing local users. • https://bugzilla.redhat.com/show_bug.cgi?id=1873926 https://access.redhat.com/security/cve/CVE-2020-14380 • CWE-287: Improper Authentication •