CVE-2017-7470Incorrect Authorization in Redhat Satellite

CWE-863Incorrect Authorization5 documents5 sources
Severity
9.8CRITICALNVD
CNA6.5
EPSS
0.7%
top 27.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Satellite
Timeline
PublishedJul 27
Latest updateMay 13

Description

It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDredhat/satellite5.6, 5.7+1

🔴Vulnerability Details

2
GHSA
GHSA-8hhp-cr56-3gg7: It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorizatio2022-05-13
CVEList
CVE-2017-7470: It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorizatio2018-07-27

📋Vendor Advisories

1
Red Hat
spacewalk-backend: spacewalk-channel can be used by non-admin or disabled users for performing administrative tasks2017-05-18

💬Community

1
Bugzilla
CVE-2017-7470 spacewalk-backend: spacewalk-channel can be used by non-admin or disabled users for performing administrative tasks2017-04-06
CVE-2017-7470 — Incorrect Authorization in Redhat | cvebase