Redhat: >> Satellite Security Vulnerabilities
A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-06-02
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitive data. This flaw affects tfm-rubygem-foreman_ansible versions before 4.0.3.4.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-05-27
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score
6.3
EPSS Score
0.003
Published
2021-04-08
A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-02-23
A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-07-31
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-05-06
Nokogiri before 1.5.4 is vulnerable to XXE attacks
CVSS Score
7.5
EPSS Score
0.003
Published
2020-02-19
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-01-02
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
CVSS Score
5.5
EPSS Score
0.001
Published
2019-12-13
Katello has multiple XSS issues in various entities
CVSS Score
5.4
EPSS Score
0.003
Published
2019-12-03