CVE-2020-10710

CWE-522 — Insufficiently Protected Credentials5 documents5 sources

Severity

4.4MEDIUM

EPSS

0.0%

top 85.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Theforeman Foreman

Timeline

PublishedAug 16

Latest updateAug 17

Description

A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5foreman-installerforeman-installer 1.24.1.22

▶NVDtheforeman/foreman< 1.24.1.22

🔴Vulnerability Details

GHSA

GHSA-h75h-w5qg-cx2h: A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer↗2022-08-17

▶

CVEList

CVE-2020-10710: A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer↗2022-08-16

▶

📋Vendor Advisories

Red Hat

foreman-installer: Candlepin plaintext password disclosure while Satellite update↗2021-12-10

▶

💬Community

Bugzilla

CVE-2020-10710 foreman-installer: Candlepin plaintext password disclosure while Satellite update↗2020-03-24

▶