CVE-2018-14666: Improper Authorization in Red Hat Satellite

Severity
NVD: 7.2 HIGH
CNA: 6.8
EPSS: 0.4% (top 42.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 22
Latest update: May 13

Description

An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (1 package)

NVD  redhat/satellite  6.0  6.4

🔴 Vulnerability Details (2)

GHSA: GHSA-7fqh-mgxh-pgrj: An improper authorization flaw was found in the Smart Class feature of Foreman (2022-05-13)
CVEList: CVE-2018-14666: An improper authorization flaw was found in the Smart Class feature of Foreman (2019-01-22)

📋 Vendor Advisories (1)

Red Hat: Satellite: Smart class parameters allow users to access other organizations (2019-01-08)

💬 Community (1)

Bugzilla: CVE-2018-14666 Satellite: Smart class parameters allow users to access other organizations (2018-10-11)