Page 5 of 66 results (0.035 seconds)

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en Red Hat Satellite, que permite a un atacante privilegiado leer los secretos de OMAPI mediante el ISC DHCP de Smart-Proxy. Este fallo permite a un atacante conseguir el control de los registros DHCP de la red. • https://bugzilla.redhat.com/show_bug.cgi?id=1858302 https://access.redhat.com/security/cve/CVE-2020-14335 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en Red Hat Satellite en tfm-rubygem-foreman_azure_rm en versiones anteriores a 2.2.0. Se identificó una filtración de credenciales que expondrá la clave secreta de Azure Resource Manager mediante la salida JSON de la API. • https://bugzilla.redhat.com/show_bug.cgi?id=1930352 https://access.redhat.com/security/cve/CVE-2021-3413 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en Red Hat Satellite. La interfaz BMC expone la contraseña mediante la API a un atacante local autenticado con permiso view_hosts. • https://bugzilla.redhat.com/show_bug.cgi?id=1930926 https://access.redhat.com/security/cve/CVE-2021-20256 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite. Se ha encontrado un fallo de toma de posesión de cuentas en Red Hat Satellite versiones 6.7.2 en adelante. Un potencial atacante con la autenticación apropiada a la fuente de autenticación externa relevante (SSO u Open ID) puede reclamar los privilegios de los usuarios locales ya existentes de Satellite Red Hat Satellite's external authentication component is vulnerable to a full account takeover flaw. This flaw allows an attacker with an authenticated account on Single sign-on (SSO) to gain elevated privileges of existing local users. • https://bugzilla.redhat.com/show_bug.cgi?id=1873926 https://access.redhat.com/security/cve/CVE-2020-14380 • CWE-287: Improper Authentication •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance. Se encontró un fallo en Red Hat Satellite versión 6, lo que permite a un atacante privilegiado leer los archivos de la caché. Estas credenciales de la caché podrían ayudar al atacante a conseguir el control completo de la instancia de Satellite A flaw was found in Red Hat Satellite. An attacker could gain access to cache files further allowing access to cached credentials that could help the attacker to gain complete control of the Satellite instance. • https://bugzilla.redhat.com/show_bug.cgi?id=1858284 https://access.redhat.com/security/cve/CVE-2020-14334 • CWE-522: Insufficiently Protected Credentials •